
Security: Buffer overflow in glibc
Name: Buffer overflow in glibc
ID: FEDORA-2018-c1ef35a4f9
Distribution: Fedora
Platforms: Fedora 27
Date: Fri, 7 September 2018, 19:40
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237
https://bugzilla.redhat.com/show_bug.cgi?id=1622669
https://bugzilla.redhat.com/show_bug.cgi?id=1615608
Applications: GNU C library

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-c1ef35a4f9
2018-09-07 15:22:29.302446
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 27
Version : 2.26
Release : 30.fc27
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update removes a misleading comment from the documentation of the `abort`
function (RHBZ#1615608). A minor security vulnerability, CVE-2018-11237, a
buffer overflow in mempcpy for Xeon Phi (RHBZ#1581275) has been addressed. The
update also fixes the waiters-after-spinning case in the
`pthread_cond_broadcast` function (RHBZ#1622669). Two bugs in the CPUID
processing on x86 are also fixed (upstream bugs 23456 and 23459). The
verification of vtables for stdio is improved (upstream bugs 23236 and 23313).
A test case under a non-free license is removed (upstream bug 23363). The
`if_nametoindex` now checks the length of interface names (upstream bug 22442).
`getifaddrs` no longer returns interfaces with NULL names (upstream bug 23171).
C++ compatibility of `iseqsig` has been improved (upstream bug 23171). A kernel
header interaction issue related to `struct timespec` was addressed (upstream
bug 23349).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 29 2018 Florian Weimer <fweimer@redhat.com> - 2.26-30
- Auto-sync with upstream branch release/2.26/master,
commit 174709d879a15590e00119c7f91dc2460aaf571c:
- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)
- nptl: Fix waiters-after-spinning case in pthread_cond_broadcast (#1622669)
- x86: Correct index_cpu_LZCNT (swbz#23456)
- x86: Populate COMMON_CPUID_INDEX_80000001 for Intel CPUs (swbz#23459)
- stdio-common/tst-printf.c: Remove part under a non-free license (swbz#23363)
- libio: Disable vtable validation in case of interposition (swbz#23313)
- if_nametoindex: Check length of ifname before copying (swbz#22442)
- getifaddrs: Don't return ifa entries with NULL names (swbz#21812)
- time: Use _STRUCT_TIMESPEC as guard in <bits/types/struct_timespec.h>
(swbz#23349)
- math: Fix parameter type in C++ version of iseqsig (swbz#23171)
- libio: Avoid _allocate_buffer, _free_buffer function pointers (swbz#23236)
* Mon Aug 13 2018 Carlos O'Donell <carlos@redhat.com> - 2.26-29
- Remove abort() warning in manual (#1615608)
* Fri May 18 2018 Florian Weimer <fweimer@redhat.com> - 2.26-28
- Do not run telinit u on upgrades (#1579225)
- Auto-sync with upstream branch release/2.26/master,
commit af7519f7b35024224c163e32a89fb247b0c446fc:
- CVE-2018-11236: Fix path length overflow in realpath (#1581270, swbz#22786)
- Fix stack overflow with huge PT_NOTE segment (swbz#20419)
- Fix signed integer overflow in random_r (swbz#17343)
- i386: Fix i386 sigaction sa_restorer initialization (swbz#21269)
- nscd: Fix netgroup cache keys (swbz#22342)
- CVE-2017-18269: Fix i386 memmove issue (swbz#22644)
- Fix crash in resolver on memory allocation failure (swbz#23005)
- getlogin_r: return early when linux sentinel value is set (swbz#23024)
- resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)
* Fri Mar 2 2018 Florian Weimer <fweimer@redhat.com> - 2.26-27
- Restore unwind tables on POWER (#1550914)
* Thu Mar 1 2018 Florian Weimer <fweimer@redhat.com> - 2.26-26
- Auto-sync with upstream branch release/2.26/master,
commit d300041c533a3d837c9f37a099bcc95466860e98:
- CVE-2018-6485, CVE-2018-6551: Fix integer overflows in internal
memalign and malloc (#1542102, #1542119)
- powerpc: Fix syscalls during early process initialization (swbz#22685)
- math: Provide a C++ version of iseqsig (swbz#22377)
- aarch: Rewrite elf_machine_load_address using _DYNAMIC symbol
- x86-64: Properly align La_x86_64_retval to VEC_SIZE (swbz#22715)
* Wed Jan 17 2018 Florian Weimer <fweimer@redhat.com> - 2.26-25
- Build depend on python3, not python
* Mon Jan 15 2018 Florian Weimer <fweimer@redhat.com> - 2.26-24
- PTHREAD_STACK_MIN is too small on x86-64 (#1527887)
- Auto-sync with upstream branch release/2.26/master,
commit 247c1ddd309e3f4135045eab554f3817b7d765be.
* Mon Jan 15 2018 Florian Weimer <fweimer@redhat.com> - 2.26-23
- CVE-2018-1000001: Make getcwd fail if it cannot obtain an absolute path
(#1533837)
- CVE-2017-16997: Check for empty tokens before dynamic string token
expansion in the dynamic linker (#1526866)
- Auto-sync with upstream branch release/2.26/master,
commit fabef2edbc29424a8048bdd60eba1a201f95682b:
- elf: do not substitute dst in $LD_LIBRARY_PATH twice (swbz#22627)
* Mon Jan 15 2018 Florian Weimer <fweimer@redhat.com> - 2.26-22
- Add BuildRequires: cpp (for rpcgen)
* Fri Dec 22 2017 Florian Weimer <fweimer@redhat.com> - 2.26-21
- bash no longer has job control under systemd-nspawn (via mock) (#1468837)
- Auto-sync with upstream branch release/2.26/master,
commit 069c3dd05abc91fced6e1e119e425c361ad97644:
- CVE-2017-1000409: Count in expanded path in _dl_init_path (#1524867)
- CVE-2017-1000408: Compute correct array size in _dl_init_paths (#1524867)
* Wed Dec 6 2017 Florian Weimer <fweimer@redhat.com> - 2.26-20
- Auto-sync with upstream branch release/2.26/master,
commit 73a92363619e52c458146e903dfb9b1ba823aa40:
- malloc: Fix -Werror compilation failure with -O3 (swbz#22052)
* Wed Dec 6 2017 Florian Weimer <fweimer@redhat.com> - 2.26-19
- Auto-sync with upstream branch release/2.26/master,
commit df8c219cb987cfe85c550efa693a1383a11e38aa:
- CVE-2017-17426: malloc: Fix integer overflow in tcache (swbz#22375)
- CVE-2017-15804: glob: Fix overflow in GLOB_TILDE unescaping (swbz#22332)
- malloc: Add single-threaded path to _int_malloc
- powerpc: Update AT_HWCAP2 bits
- malloc: Abort on heap corruption, without a backtrace (swbz#21754)
- Don't use IFUNC resolver for longjmp or system in libpthread (swbz#21041)
- powerpc: Replace lxvd2x/stxvd2x with lvx/stvx in P7's memcpy/memmove
* Sat Nov 18 2017 Florian Weimer <fweimer@redhat.com> - 2.26-18
- Auto-sync with upstream branch release/2.26/master,
commit 2767ebd8bc34c8b632ea737296200a86f57289ad:
- crypt: Use NSPR header files in addition to NSS header files (#1489339)
- malloc: Use relaxed atomics for have_fastchunks
- malloc: Inline tcache functions
- x86-64: Regenerate libm-test-ulps for AVX512 mathvec tests
* Mon Nov 13 2017 Florian Weimer <fweimer@redhat.com> - 2.26-17
- Auto-sync with upstream branch release/2.26/master,
commit a81c1156c1a9a6161d49b295a09a4e4cff7a88d0:
- posix: Fix improper assert in Linux posix_spawn (swbz#22273)
- posix: Do not use WNOHANG in waitpid call for Linux posix_spawn
- posix: Fix compat glob code on s390 and alpha
- posix: Consolidate Linux glob implementation
- Fix range check in do_tunable_update_val
- Let signbit use the builtin in C++ mode with gcc < 6.x (swbz#22296)
- x86-64: Don't set GLRO(dl_platform) to NULL (swbz#22299)
- x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve (swbz#21265)
* Thu Nov 2 2017 Florian Weimer <fweimer@redhat.com> - 2.26-16
- x86: Add x86_64 to x86-64 HWCAP (#1506802)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in
__mempcpy_avx512_no_vzeroupper [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1581275
[ 2 ] Bug #1622669 - glibc: Fix waiters-after-spinning case in
pthread_cond_broadcast
https://bugzilla.redhat.com/show_bug.cgi?id=1622669
[ 3 ] Bug #1615608 - Remove abort() warning in manual.
https://bugzilla.redhat.com/show_bug.cgi?id=1615608
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-c1ef35a4f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org