101517

https://sourceware.org/bugzilla/show_bug.cgi?id=22325

An update of the glibc package has been released.

This update for glibc fixes the following issues :

Security issue fixed :

CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325).

Non-security issue fixed: Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618).

Remove improper assert in dlclose (bsc#1110174, BZ #11941).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues: Security issues fixed :

  - CVE-2017-15804: Fix buffer overflow during unescaping of     user names in the glob function in glob.c (bsc#1064580).

  - CVE-2017-15670: Fix buffer overflow in glob with     GLOB_TILDE (bsc#1064583).

  - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE     (bsc#1064569).

  - CVE-2018-11236: Fix 32bit arch integer overflow in     stdlib/canonicalize.c when processing very long pathname     arguments (bsc#1094161).

  - CVE-2017-12132: Reduce advertised EDNS0 buffer size to     guard against fragmentation attacks (bsc#1051791).

  - CVE-2018-1000001: Avoid underflow of malloced area     (bsc#1074293).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues: Security issues fixed :

  - CVE-2017-15804: Fix buffer overflow during unescaping of     user names in the glob function in glob.c (bsc#1064580).

  - CVE-2017-15670: Fix buffer overflow in glob with     GLOB_TILDE (bsc#1064583).

  - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE     (bsc#1064569).

  - CVE-2018-11236: Fix 32bit arch integer overflow in     stdlib/canonicalize.c when processing very long pathname     arguments (bsc#1094161).

  - CVE-2017-12132: Reduce advertised EDNS0 buffer size to     guard against fragmentation attacks (bsc#1051791).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of {'libtiff', 'glibc', 'libsoup'} packages of Photon OS has been released.

The remote host is affected by the vulnerability described in GLSA-201804-02 (glibc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in glibc. Please review       the CVE identifiers referenced below for details.
  Impact :

    An attacker could possibly execute arbitrary code, escalate privileges,       cause a Denial of Service condition, or have other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

This update addresses two security vulnerabilities :

  - CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various     vulnerabilities could lead to memory corruption in the     `glob` and `glob64` function. (RHBZ#1505298,     RHBZ##1504807)

  - CVE-2017-16997: Check for empty tokens before dynamic     string token expansion in the dynamic linker, so that     pre-existing privileged programs with `$ORIGIN`     rpaths/runpaths do not cause the dynamic linker to     search the current directory, potentially leading to     privilege escalation. (RHBZ#1526866).

  - CVE-2018-1000001: `getcwd` would sometimes return a     non-absolute path, confusing the `realpath` function,     leading to privilege escalation in conjunction with user     namespaces. (RHBZ#1533837) 

In addition, this update replaces the dynamic linker trampoline on x86-64 with a version which uses the `XSAVE` instruction if it is available. This improves compatibility with future hardware and compilers which do not follow the x86-64 ABI. This update also adjusts the thread stack size accounting to provide additional stack space compared to previous glibc versions (to avoid introducing RHBZ#1527887).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

  - A privilege escalation bug in the realpath() function     has been fixed. [CVE-2018-1000001, bsc#1074293]

  - A memory leak and a buffer overflow in the dynamic ELF     loader has been fixed. [CVE-2017-1000408,     CVE-2017-1000409, bsc#1071319]

  - An issue in the code handling RPATHs was fixed that     could have been exploited by an attacker to execute code     loaded from arbitrary libraries. [CVE-2017-16997,     bsc#1073231]

  - A potential crash caused by a use-after-free bug in     pthread_create() has been fixed. [bsc#1053188]

  - A bug that prevented users to build shared objects which     use the optimized libmvec.so API has been fixed.
    [bsc#1070905]

  - A memory leak in the glob() function has been fixed.
    [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804,     bsc#1064569, bsc#1064580, bsc#1064583]

  - A bug that would lose the syscall error code value in     case of crashes has been fixed. [bsc#1063675]

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for glibc fixes the following issues :

  - A privilege escalation bug in the realpath() function     has been fixed. [CVE-2018-1000001, bsc#1074293]

  - A memory leak and a buffer overflow in the dynamic ELF     loader has been fixed. [CVE-2017-1000408,     CVE-2017-1000409, bsc#1071319]

  - An issue in the code handling RPATHs was fixed that     could have been exploited by an attacker to execute code     loaded from arbitrary libraries. [CVE-2017-16997,     bsc#1073231]

  - A potential crash caused by a use-after-free bug in     pthread_create() has been fixed. [bsc#1053188]

  - A bug that prevented users to build shared objects which     use the optimized libmvec.so API has been fixed.
    [bsc#1070905]

  - A memory leak in the glob() function has been fixed.
    [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804,     bsc#1064569, bsc#1064580, bsc#1064583]

  - A bug that would lose the syscall error code value in     case of crashes has been fixed. [bsc#1063675]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update adds support for the IBM858 codepage (RHBZ#1416405). It moves the `nss_compat` NSS service module to the main glibc package (RHBZ#1400538). As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure (RHBZ#1498880).
`/var/db/Makefile` is now included in the `nss_db` package (RHBZ#1498900). Fixes installation related failures for IBM z Series (RHBZ#1499260).

Two security fixes for the `glob` function are provided (CVE-2017-15670, CVE-2017-15671, RHBZ#1504807).

An error in the `sysconf` function which caused it to return -1 for `_SC_IOV_MAX` has been corrected (RHBZ#1504165).

The included upstream update from the glibc 2.26 stable branch improves C++ compatibility for ` <math.h>` functions and fixes a memory leak in malloc when thread local caches are in use.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
121956	Photon OS 2.0: Glibc PHSA-2018-2.0-0060	Nessus	PhotonOS Local Security Checks	high
119579	SUSE SLES11 Security Update : Recommended update for glibc (SUSE-SU-2018:4067-1)	Nessus	SuSE Local Security Checks	medium
111547	SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2187-1)	Nessus	SuSE Local Security Checks	high
111546	SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2185-1)	Nessus	SuSE Local Security Checks	high
111309	Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)	Nessus	PhotonOS Local Security Checks	high
108822	GLSA-201804-02 : glibc: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
106281	Fedora 26 : glibc (2018-8e27ad96ed)	Nessus	Fedora Local Security Checks	high
106059	openSUSE Security Update : glibc (openSUSE-2018-30)	Nessus	SuSE Local Security Checks	high
106044	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)	Nessus	SuSE Local Security Checks	high
105814	Fedora 27 : glibc (2017-0d3fdd3d1f)	Nessus	Fedora Local Security Checks	high

CVE-2017-15671

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins