openSUSE-SU-2019:1250-1

Опубликовано: 20 апр. 2019

Источник: suse-cvrf

Описание

Security update for glibc

This update for glibc fixes the following issues:

Security issue fixed:

CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729).

Other issue fixed:

Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045).
Added new Japanese Era name support (bsc#1100396).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

glibc-2.26-lp150.11.17.1

glibc-32bit-2.26-lp150.11.17.1

glibc-devel-2.26-lp150.11.17.1

glibc-devel-32bit-2.26-lp150.11.17.1

glibc-devel-static-2.26-lp150.11.17.1

glibc-devel-static-32bit-2.26-lp150.11.17.1

glibc-extra-2.26-lp150.11.17.1

glibc-html-2.26-lp150.11.17.1

glibc-i18ndata-2.26-lp150.11.17.1

glibc-info-2.26-lp150.11.17.1

glibc-locale-2.26-lp150.11.17.1

glibc-locale-base-2.26-lp150.11.17.1

glibc-locale-base-32bit-2.26-lp150.11.17.1

glibc-profile-2.26-lp150.11.17.1

glibc-profile-32bit-2.26-lp150.11.17.1

glibc-utils-2.26-lp150.11.17.1

glibc-utils-32bit-2.26-lp150.11.17.1

nscd-2.26-lp150.11.17.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SEBZ42G23A4PRQRKKG425HHEGA3GK7EF/#SEBZ42G23A4PRQRKKG425HHEGA3GK7EF
E-Mail link for openSUSE-SU-2019:1250-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1100396
SUSE Bug 1100396
https://bugzilla.suse.com/1122729
SUSE Bug 1122729
https://bugzilla.suse.com/1130045
SUSE Bug 1130045
https://www.suse.com/security/cve/CVE-2016-10739/
SUSE CVE CVE-2016-10739 page

Описание

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

Затронутые продукты

openSUSE Leap 15.0:glibc-2.26-lp150.11.17.1

openSUSE Leap 15.0:glibc-32bit-2.26-lp150.11.17.1

openSUSE Leap 15.0:glibc-devel-2.26-lp150.11.17.1

openSUSE Leap 15.0:glibc-devel-32bit-2.26-lp150.11.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10739.html
CVE-2016-10739
https://bugzilla.suse.com/1122729
SUSE Bug 1122729
https://bugzilla.suse.com/1155094
SUSE Bug 1155094

openSUSE-SU-2019:1250-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2016-10739

Описание

Затронутые продукты

Ссылки