Description
Security update for glibc
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)
Also the following bug was fixed:
- Avoid concurrency problem in ldconfig (bsc#1117993)
Package list
Container suse/sles12sp3:latest
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-SU-2021:3289-1
- E-Mail link for SUSE-SU-2021:3289-1
- SUSE Security Ratings
- SUSE Bug 1117993
- SUSE Bug 1186489
- SUSE Bug 1187911
- SUSE CVE CVE-2021-33574 page
- SUSE CVE CVE-2021-35942 page
Description
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Affected products
References
- CVE-2021-33574
- SUSE Bug 1186489
- SUSE Bug 1189426
- SUSE Bug 1192788
- SUSE Bug 1196766
Description
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
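The atoi versus strtoul point above, as an added example (not glibc's code and not part of the advisory): a positional-parameter lookup that parses the number with strtoul and rejects overflow before indexing. The names narrowed_index, lookup_positional and sample_args are hypothetical, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: converts a digit string through a signed int, the
   narrowing an atoi-style parse performs. The result is only returned,
   never used as an index. */
static int narrowed_index(const char *digits)
{
    return (int) strtol(digits, NULL, 10);
}

/* Hardened lookup for a "$N"-style positional parameter.
   Returns args[N], or NULL when N is malformed, overflows, or is >= count. */
static const char *lookup_positional(const char *digits,
                                     const char *const *args, size_t count)
{
    char *end;
    unsigned long n;

    if (!isdigit((unsigned char) digits[0]))  /* rejects "", "-1", "+1", " 1" */
        return NULL;
    errno = 0;
    n = strtoul(digits, &end, 10);
    if (errno == ERANGE || *end != '\0')      /* overflow or trailing junk */
        return NULL;
    if (n >= count)                           /* unsigned compare, no negative case */
        return NULL;
    return args[n];
}

/* Constructed sample argument vector. */
static const char *const sample_args[] = { "prog", "alpha", "beta" };
#define SAMPLE_COUNT (sizeof sample_args / sizeof sample_args[0])

int main(void)
{
    /* Constructed inputs: in range, just past the end, and three oversized. */
    const char *inputs[] = { "1", "3", "2147483648", "4294967296",
                             "99999999999999999999999" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const char *v = lookup_positional(inputs[i], sample_args, SAMPLE_COUNT);
        printf("%-24s narrowed=%d hardened=%s\n", inputs[i],
               narrowed_index(inputs[i]), v ? v : "(rejected)");
    }
    return 0;
}
```

On a platform with 64-bit long, the narrowed column shows oversized numbers turning negative or wrapping to a small value, while the hardened lookup rejects every one of them.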
Affected products
References
- CVE-2021-35942
- SUSE Bug 1187911
- SUSE Bug 1192788