Описание
Security update for glibc
This update for glibc fixes the following issues:
- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
glibc-2.26-lp152.26.12.1
glibc-32bit-2.26-lp152.26.12.1
glibc-devel-2.26-lp152.26.12.1
glibc-devel-32bit-2.26-lp152.26.12.1
glibc-devel-static-2.26-lp152.26.12.1
glibc-devel-static-32bit-2.26-lp152.26.12.1
glibc-extra-2.26-lp152.26.12.1
glibc-html-2.26-lp152.26.12.1
glibc-i18ndata-2.26-lp152.26.12.1
glibc-info-2.26-lp152.26.12.1
glibc-locale-2.26-lp152.26.12.1
glibc-locale-base-2.26-lp152.26.12.1
glibc-locale-base-32bit-2.26-lp152.26.12.1
glibc-profile-2.26-lp152.26.12.1
glibc-profile-32bit-2.26-lp152.26.12.1
glibc-utils-2.26-lp152.26.12.1
glibc-utils-32bit-2.26-lp152.26.12.1
nscd-2.26-lp152.26.12.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1560-1
- SUSE Security Ratings
- SUSE Bug 1027496
- SUSE Bug 1183085
- SUSE CVE CVE-2016-10228 page
Описание
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Затронутые продукты
openSUSE Leap 15.2:glibc-2.26-lp152.26.12.1
openSUSE Leap 15.2:glibc-32bit-2.26-lp152.26.12.1
openSUSE Leap 15.2:glibc-devel-2.26-lp152.26.12.1
openSUSE Leap 15.2:glibc-devel-32bit-2.26-lp152.26.12.1
Ссылки
- CVE-2016-10228
- SUSE Bug 1027496
- SUSE Bug 1123874