Description
Security update for glibc
This update for glibc fixes the following issues:
- A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]
- A memory leak and a buffer overflow in the dynamic ELF loader have been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]
- An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231]
- A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188]
- A bug that prevented users from building shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905]
- A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]
- A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2018:0089-1
- SUSE Security Ratings
Description
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Affected products
References
- CVE-2017-1000408
- SUSE Bug 1039357
- SUSE Bug 1071319
Description
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Affected products
References
- CVE-2017-1000409
- SUSE Bug 1071319
Description
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
Affected products
References
- CVE-2017-15670
- SUSE Bug 1064583
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Affected products
References
- CVE-2017-15671
- SUSE Bug 1064569
- SUSE Bug 1135444
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Affected products
References
- CVE-2017-15804
- SUSE Bug 1064580
Description
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
Affected products
References
- CVE-2017-16997
- SUSE Bug 1073231
Description
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Affected products
References
- CVE-2018-1000001
- SUSE Bug 1074293
- SUSE Bug 1099047