Описание
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784).
- Fixed an issue where pthread were not always locked correctly (bsc#1164505).
- Document mprotect and introduce section on memory protection (bsc#1163184).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
glibc-2.26-lp151.19.3.1
glibc-32bit-2.26-lp151.19.3.1
glibc-devel-2.26-lp151.19.3.1
glibc-devel-32bit-2.26-lp151.19.3.1
glibc-devel-static-2.26-lp151.19.3.1
glibc-devel-static-32bit-2.26-lp151.19.3.1
glibc-extra-2.26-lp151.19.3.1
glibc-html-2.26-lp151.19.3.1
glibc-i18ndata-2.26-lp151.19.3.1
glibc-info-2.26-lp151.19.3.1
glibc-locale-2.26-lp151.19.3.1
glibc-locale-base-2.26-lp151.19.3.1
glibc-locale-base-32bit-2.26-lp151.19.3.1
glibc-profile-2.26-lp151.19.3.1
glibc-profile-32bit-2.26-lp151.19.3.1
glibc-utils-2.26-lp151.19.3.1
glibc-utils-32bit-2.26-lp151.19.3.1
nscd-2.26-lp151.19.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0381-1
- SUSE Security Ratings
- SUSE Bug 1163184
- SUSE Bug 1164505
- SUSE Bug 1165784
- SUSE CVE CVE-2020-10029 page
Описание
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
Затронутые продукты
openSUSE Leap 15.1:glibc-2.26-lp151.19.3.1
openSUSE Leap 15.1:glibc-32bit-2.26-lp151.19.3.1
openSUSE Leap 15.1:glibc-devel-2.26-lp151.19.3.1
openSUSE Leap 15.1:glibc-devel-32bit-2.26-lp151.19.3.1
Ссылки
- CVE-2020-10029
- SUSE Bug 1165784