SUSE-SU-2021:2480-1

Опубликовано: 27 июл. 2021

Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

Security issues fixed:

CVE-2021-35942: wordexp: Fixed handle overflow in positional parameter number (bsc#1187911)
CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496)

Other fixes:

Fixed race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

glibc-2.22-114.12.1

Container suse/sles12sp4:latest

glibc-2.22-114.12.1

Container suse/sles12sp5:latest

glibc-2.22-114.12.1

Image SLES12-SP4-Azure-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-EC2-HVM-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-GCE-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-Azure

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-Azure-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-EC2-HVM

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-GCE

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP4-SAP-GCE-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-Basic-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-HPC-BYOS

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-HPC-On-Demand

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-SAP-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-SAP-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-Azure-Standard-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-EC2-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-EC2-ECS-On-Demand

glibc-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-EC2-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-EC2-SAP-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-EC2-SAP-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-GCE-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-GCE-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-GCE-SAP-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-GCE-SAP-On-Demand

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-OCI-BYOS-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

glibc-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-locale-2.22-114.12.1

nscd-2.22-114.12.1

SUSE Linux Enterprise Server 12 SP5

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-devel-32bit-2.22-114.12.1

glibc-html-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-info-2.22-114.12.1

glibc-locale-2.22-114.12.1

glibc-locale-32bit-2.22-114.12.1

glibc-profile-2.22-114.12.1

glibc-profile-32bit-2.22-114.12.1

nscd-2.22-114.12.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

glibc-2.22-114.12.1

glibc-32bit-2.22-114.12.1

glibc-devel-2.22-114.12.1

glibc-devel-32bit-2.22-114.12.1

glibc-html-2.22-114.12.1

glibc-i18ndata-2.22-114.12.1

glibc-info-2.22-114.12.1

glibc-locale-2.22-114.12.1

glibc-locale-32bit-2.22-114.12.1

glibc-profile-2.22-114.12.1

glibc-profile-32bit-2.22-114.12.1

nscd-2.22-114.12.1

SUSE Linux Enterprise Software Development Kit 12 SP5

glibc-devel-static-2.22-114.12.1

glibc-info-2.22-114.12.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20212480-1/
Link for SUSE-SU-2021:2480-1
https://lists.suse.com/pipermail/sle-security-updates/2021-July/009218.html
E-Mail link for SUSE-SU-2021:2480-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1027496
SUSE Bug 1027496
https://bugzilla.suse.com/1131330
SUSE Bug 1131330
https://bugzilla.suse.com/1187911
SUSE Bug 1187911
https://www.suse.com/security/cve/CVE-2016-10228/
SUSE CVE CVE-2016-10228 page
https://www.suse.com/security/cve/CVE-2021-35942/
SUSE CVE CVE-2021-35942 page

Описание

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:glibc-2.22-114.12.1

Container suse/sles12sp4:latest:glibc-2.22-114.12.1

Container suse/sles12sp5:latest:glibc-2.22-114.12.1

Image SLES12-SP4-Azure-BYOS:glibc-2.22-114.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10228.html
CVE-2016-10228
https://bugzilla.suse.com/1027496
SUSE Bug 1027496
https://bugzilla.suse.com/1123874
SUSE Bug 1123874

Описание

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:glibc-2.22-114.12.1

Container suse/sles12sp4:latest:glibc-2.22-114.12.1

Container suse/sles12sp5:latest:glibc-2.22-114.12.1

Image SLES12-SP4-Azure-BYOS:glibc-2.22-114.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-35942.html
CVE-2021-35942
https://bugzilla.suse.com/1187911
SUSE Bug 1187911
https://bugzilla.suse.com/1192788
SUSE Bug 1192788

SUSE-SU-2021:2480-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2016-10228

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-35942

Описание

Затронутые продукты

Ссылки