Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:0909-1

Опубликовано: 21 мар. 2022
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

  • CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
  • CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
  • CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)

Список пакетов

Container suse/sles12sp3:latest
glibc-2.22-119.1
HPE Helion OpenStack 8
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE Linux Enterprise Server 12 SP2-BCL
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE Linux Enterprise Server 12 SP3-BCL
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE Linux Enterprise Server 12 SP3-LTSS
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE OpenStack Cloud 8
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1
SUSE OpenStack Cloud Crowbar 8
glibc-2.22-119.1
glibc-32bit-2.22-119.1
glibc-devel-2.22-119.1
glibc-devel-32bit-2.22-119.1
glibc-html-2.22-119.1
glibc-i18ndata-2.22-119.1
glibc-info-2.22-119.1
glibc-locale-2.22-119.1
glibc-locale-32bit-2.22-119.1
glibc-profile-2.22-119.1
glibc-profile-32bit-2.22-119.1
nscd-2.22-119.1

Ссылки

Описание

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Затронутые продукты
Container suse/sles12sp3:latest:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-32bit-2.22-119.1
HPE Helion OpenStack 8:glibc-devel-2.22-119.1
Ссылки

Описание

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Затронутые продукты
Container suse/sles12sp3:latest:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-32bit-2.22-119.1
HPE Helion OpenStack 8:glibc-devel-2.22-119.1
Ссылки

Описание

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Затронутые продукты
Container suse/sles12sp3:latest:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-2.22-119.1
HPE Helion OpenStack 8:glibc-32bit-2.22-119.1
HPE Helion OpenStack 8:glibc-devel-2.22-119.1
Ссылки
Уязвимость SUSE-SU-2022:0909-1