openSUSE-SU-2020:0467-1

Published: 06 Apr 2020
Source: suse-cvrf

Description

Security update for glibc

This update for glibc fixes the following issues:

  • CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631).

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.1
glibc-2.26-lp151.19.11.1
glibc-32bit-2.26-lp151.19.11.1
glibc-devel-2.26-lp151.19.11.1
glibc-devel-32bit-2.26-lp151.19.11.1
glibc-devel-static-2.26-lp151.19.11.1
glibc-devel-static-32bit-2.26-lp151.19.11.1
glibc-extra-2.26-lp151.19.11.1
glibc-html-2.26-lp151.19.11.1
glibc-i18ndata-2.26-lp151.19.11.1
glibc-info-2.26-lp151.19.11.1
glibc-locale-2.26-lp151.19.11.1
glibc-locale-base-2.26-lp151.19.11.1
glibc-locale-base-32bit-2.26-lp151.19.11.1
glibc-profile-2.26-lp151.19.11.1
glibc-profile-32bit-2.26-lp151.19.11.1
glibc-utils-2.26-lp151.19.11.1
glibc-utils-32bit-2.26-lp151.19.11.1
nscd-2.26-lp151.19.11.1

Description

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.


Affected products
openSUSE Leap 15.1:glibc-2.26-lp151.19.11.1
openSUSE Leap 15.1:glibc-32bit-2.26-lp151.19.11.1
openSUSE Leap 15.1:glibc-devel-2.26-lp151.19.11.1
openSUSE Leap 15.1:glibc-devel-32bit-2.26-lp151.19.11.1

References