drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in GNU C library
Name: |
Zwei Probleme in GNU C library |
|
ID: |
FEDORA-2018-7714b514e2 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 27 |
|
Datum: |
Mi, 24. Januar 2018, 07:12 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997
https://bugzilla.redhat.com/show_bug.cgi?id=1527887 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-7714b514e2 2018-01-23 21:42:17.543365 ------------------------------------------------------------------------------- -
Name : glibc Product : Fedora 27 Version : 2.26 Release : 24.fc27 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
------------------------------------------------------------------------------- - Update Information:
This update addresses two security vulnerabilities: * CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with `$ORIGIN` rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (RHBZ#1526866). * CVE-2018-1000001: `getcwd` would sometimes return a non-absolute path, confusing the `realpath` function, leading to privilege escalation in conjunction with user namespaces. (RHBZ#1533837) In addition, this update changes the thread stack size accounting to provide additional stack space compared to previous glibc versions. For some applications (`nptd` in particular), the `PTHREAD_STACK_MIN` stack size was too small on x86-64 machines with AVX-512 support (RHBZ#1527887). ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1526866 - CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1526866 [ 2 ] Bug #1533837 - CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1533837 [ 3 ] Bug #1527887 - glibc: PTHREAD_STACK_MIN is too small on x86-64 https://bugzilla.redhat.com/show_bug.cgi?id=1527887 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade glibc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|