FEDORA-2017-270ab2baa3

https://sourceware.org/bugzilla/show_bug.cgi?id=21115

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491

USN-4416-1

100679

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - Stack-based buffer overflow in the glob implementation     in GNU C Library (aka glibc) before 2.24, when     GLOB_ALTDIRFUNC is used, allows context-dependent     attackers to cause a denial of service (crash) via a     long name.(CVE-2016-1234)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     check_dst_limits_calc_pos_1 in posix/regexec.c has     Uncontrolled Recursion, as demonstrated by     '(\227|)(\\1\\1|t1|\\\2537)+' in grep.(CVE-2018-20796)

  - ** DISPUTED ** In the GNU C Library (aka glibc or     libc6) through 2.29, check_dst_limits_calc_pos_1 in     posix/regexec.c has Uncontrolled Recursion, as     demonstrated by '(|)(\\1\\1)*' in grep, a different     issue than CVE-2018-20796. NOTE: the software     maintainer disputes that this is a vulnerability     because the behavior occurs only with a crafted     pattern.(CVE-2019-9192)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - An AVX-512-optimized implementation of the mempcpy     function in the GNU C Library (aka glibc or libc6) 2.27     and earlier may write data beyond the target buffer,     leading to a buffer overflow in
    __mempcpy_avx512_no_vzeroupper.(CVE-2018-11237)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - Stack-based buffer overflow in the glob implementation     in GNU C Library (aka glibc) before 2.24, when     GLOB_ALTDIRFUNC is used, allows context-dependent     attackers to cause a denial of service (crash) via a     long name.(CVE-2016-1234)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the glibc package has been released.

An update of [openjdk,openjre,bash,libtar,glibc,libgcrypt,strongswan,unzip] packages for PhotonOS has been released.

This update for glibc fixes the following issues: Security issues fixed :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556) Non security issue fixed :

  - Fix incorrect getaddrinfo assertion trigger     (bsc#1076871)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for glibc fixes the following issues :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes a minor security vulnerability in the Sun RPC client (CVE-2017-12133).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
138166	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)	Nessus	Ubuntu Local Security Checks	high
135640	EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2020-1478)	Nessus	Huawei Local Security Checks	medium
131629	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-2476)	Nessus	Huawei Local Security Checks	medium
130864	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155)	Nessus	Huawei Local Security Checks	medium
121742	Photon OS 1.0: Glibc PHSA-2017-0040	Nessus	PhotonOS Local Security Checks	medium
111889	Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated)	Nessus	PhotonOS Local Security Checks	medium
108871	SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0874-1)	Nessus	SuSE Local Security Checks	medium
108272	openSUSE Security Update : glibc (openSUSE-2018-250)	Nessus	SuSE Local Security Checks	medium
107292	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0655-1)	Nessus	SuSE Local Security Checks	medium
102933	Fedora 25 : glibc (2017-270ab2baa3)	Nessus	Fedora Local Security Checks	medium

CVE-2017-12133

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium

medium