Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:1629-1

Опубликовано: 20 июн. 2017
Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

  • CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357]

  • A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043]

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
glibc-2.22-4.9.1
glibc-32bit-2.22-4.9.1
glibc-devel-2.22-4.9.1
glibc-devel-32bit-2.22-4.9.1
glibc-devel-static-2.22-4.9.1
glibc-devel-static-32bit-2.22-4.9.1
glibc-extra-2.22-4.9.1
glibc-html-2.22-4.9.1
glibc-i18ndata-2.22-4.9.1
glibc-info-2.22-4.9.1
glibc-locale-2.22-4.9.1
glibc-locale-32bit-2.22-4.9.1
glibc-obsolete-2.22-4.9.1
glibc-profile-2.22-4.9.1
glibc-profile-32bit-2.22-4.9.1
glibc-testsuite-2.22-4.9.2
glibc-utils-2.22-4.9.1
glibc-utils-32bit-2.22-4.9.1
nscd-2.22-4.9.1

Ссылки

Описание

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Затронутые продукты
openSUSE Leap 42.2:glibc-2.22-4.9.1
openSUSE Leap 42.2:glibc-32bit-2.22-4.9.1
openSUSE Leap 42.2:glibc-devel-2.22-4.9.1
openSUSE Leap 42.2:glibc-devel-32bit-2.22-4.9.1
Ссылки
Уязвимость openSUSE-SU-2017:1629-1