drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in glibc
Name: |
Pufferüberlauf in glibc |
|
ID: |
FEDORA-2018-916dfe0d86 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 28 |
|
Datum: |
So, 27. Mai 2018, 21:38 |
|
Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=1570246
https://bugzilla.redhat.com/show_bug.cgi?id=1452750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11237 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-916dfe0d86 2018-05-27 19:30:55.541742 ------------------------------------------------------------------------------- -
Name : glibc Product : Fedora 28 Version : 2.27 Release : 15.fc28 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
------------------------------------------------------------------------------- - Update Information:
This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246). It also addresses a security vulnerability in the `mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237, RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream patches (RHBZ#1452750(. ------------------------------------------------------------------------------- - ChangeLog:
* Thu May 24 2018 Florian Weimer <fweimer@redhat.com> - 2.27-15 - Rebuild to add back .symtab section in ld.so (#1570246) - Switch to upstream version of libidn2 removal (#1452750) - Auto-sync with upstream branch release/2.27/master, commit 50df56ca86a281c8fd99a8100aac75539813788d: - CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275) * Thu May 17 2018 Florian Weimer <fweimer@redhat.com> - 2.27-14 - Do not run telinit u on upgrades (#1579225) * Tue May 15 2018 Florian Weimer <fweimer@redhat.com> - 2.27-13 - Auto-sync with upstream branch release/2.27/master, commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606: - sunrpc: Remove stray exports (#1577210) - gd_GB: Fix typo in abbreviated "May" (swbz#23152) - realpath: Fix path length overflow (swbz#22786) - elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419) - resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037) - manual: Various fixes to the mbstouwcs example, and mbrtowc update - getlogin_r: return early when linux sentinel value is set - resolv: Fix crash in resolver on memory allocation failure (swbz#23005) - Fix signed integer overflow in random_r (swbz#17343) - RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069) * Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-12 - Unconditionally build downstream with -mstackrealign for now * Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-11 - Inherit compiler flags in the original order * Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-10 - Inherit the -mstackrealign flag if it is set * Fri May 11 2018 Florian Weimer <fweimer@redhat.com> - 2.27-9 - Use /usr/bin/python3 for benchmarks scripts (#1577223) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1452750 - glibc: switch to libidn2 https://bugzilla.redhat.com/show_bug.cgi?id=1452750 [ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1581275 [ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora] https://bugzilla.redhat.com/show_bug.cgi?id=1570246 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/
|
|
|
|