Описание
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2020-1752: Fix use-after-free in glob when expanding ~user (bsc#1167631)
Список пакетов
Container suse/sles12sp3:latest
glibc-2.22-123.1
HPE Helion OpenStack 8
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE Linux Enterprise Server 12 SP2-BCL
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE Linux Enterprise Server 12 SP3-BCL
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE Linux Enterprise Server 12 SP3-LTSS
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE OpenStack Cloud 8
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
SUSE OpenStack Cloud Crowbar 8
glibc-2.22-123.1
glibc-32bit-2.22-123.1
glibc-devel-2.22-123.1
glibc-devel-32bit-2.22-123.1
glibc-html-2.22-123.1
glibc-i18ndata-2.22-123.1
glibc-info-2.22-123.1
glibc-locale-2.22-123.1
glibc-locale-32bit-2.22-123.1
glibc-profile-2.22-123.1
glibc-profile-32bit-2.22-123.1
nscd-2.22-123.1
Ссылки
- Link for SUSE-SU-2022:1123-1
- E-Mail link for SUSE-SU-2022:1123-1
- SUSE Security Ratings
- SUSE Bug 1167631
- SUSE CVE CVE-2020-1752 page
Описание
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Затронутые продукты
Container suse/sles12sp3:latest:glibc-2.22-123.1
HPE Helion OpenStack 8:glibc-2.22-123.1
HPE Helion OpenStack 8:glibc-32bit-2.22-123.1
HPE Helion OpenStack 8:glibc-devel-2.22-123.1
Ссылки
- CVE-2020-1752
- SUSE Bug 1167631