drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Umgebungsvariablen in glibc
Name: |
Mangelnde Prüfung von Umgebungsvariablen in glibc |
|
ID: |
SUSE-SU-2020:0262-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1 |
|
Datum: |
Do, 30. Januar 2020, 16:59 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
SUSE Security Update: Security update for glibc ______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0262-1 Rating: moderate References: #1149332 #1151582 #1157292 #1157893 #1158996 Cross-References: CVE-2019-19126 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________
An update that solves one vulnerability and has four fixes is now available.
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).
Bug fixes:
- Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-262=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-262=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-262=1
- SUSE Linux Enterprise Module for Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-262=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-262=1
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-262=1
Package List:
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64):
glibc-debugsource-2.26-13.36.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
glibc-32bit-debuginfo-2.26-13.36.1 glibc-devel-static-32bit-2.26-13.36.1 glibc-locale-base-32bit-2.26-13.36.1 glibc-locale-base-32bit-debuginfo-2.26-13.36.1 glibc-profile-32bit-2.26-13.36.1 glibc-utils-32bit-2.26-13.36.1 glibc-utils-32bit-debuginfo-2.26-13.36.1 glibc-utils-src-debugsource-2.26-13.36.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
glibc-html-2.26-13.36.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
glibc-html-2.26-13.36.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
glibc-debuginfo-2.26-13.36.1 glibc-debugsource-2.26-13.36.1 glibc-devel-static-2.26-13.36.1 glibc-utils-2.26-13.36.1 glibc-utils-debuginfo-2.26-13.36.1 glibc-utils-src-debugsource-2.26-13.36.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64):
glibc-32bit-debuginfo-2.26-13.36.1 glibc-devel-32bit-2.26-13.36.1 glibc-devel-32bit-debuginfo-2.26-13.36.1
- SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64):
glibc-debuginfo-2.26-13.36.1 glibc-debugsource-2.26-13.36.1 glibc-devel-static-2.26-13.36.1 glibc-utils-2.26-13.36.1 glibc-utils-debuginfo-2.26-13.36.1 glibc-utils-src-debugsource-2.26-13.36.1
- SUSE Linux Enterprise Module for Development Tools 15 (x86_64):
glibc-32bit-debuginfo-2.26-13.36.1 glibc-devel-32bit-2.26-13.36.1 glibc-devel-32bit-debuginfo-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
glibc-2.26-13.36.1 glibc-debuginfo-2.26-13.36.1 glibc-debugsource-2.26-13.36.1 glibc-devel-2.26-13.36.1 glibc-devel-debuginfo-2.26-13.36.1 glibc-extra-2.26-13.36.1 glibc-extra-debuginfo-2.26-13.36.1 glibc-locale-2.26-13.36.1 glibc-locale-base-2.26-13.36.1 glibc-locale-base-debuginfo-2.26-13.36.1 glibc-profile-2.26-13.36.1 nscd-2.26-13.36.1 nscd-debuginfo-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
glibc-32bit-2.26-13.36.1 glibc-32bit-debuginfo-2.26-13.36.1 glibc-locale-base-32bit-2.26-13.36.1 glibc-locale-base-32bit-debuginfo-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
glibc-i18ndata-2.26-13.36.1 glibc-info-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
glibc-2.26-13.36.1 glibc-debuginfo-2.26-13.36.1 glibc-debugsource-2.26-13.36.1 glibc-devel-2.26-13.36.1 glibc-devel-debuginfo-2.26-13.36.1 glibc-extra-2.26-13.36.1 glibc-extra-debuginfo-2.26-13.36.1 glibc-locale-2.26-13.36.1 glibc-locale-base-2.26-13.36.1 glibc-locale-base-debuginfo-2.26-13.36.1 glibc-profile-2.26-13.36.1 nscd-2.26-13.36.1 nscd-debuginfo-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
glibc-i18ndata-2.26-13.36.1 glibc-info-2.26-13.36.1
- SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
glibc-32bit-2.26-13.36.1 glibc-32bit-debuginfo-2.26-13.36.1 glibc-locale-base-32bit-2.26-13.36.1 glibc-locale-base-32bit-debuginfo-2.26-13.36.1
References:
https://www.suse.com/security/cve/CVE-2019-19126.html https://bugzilla.suse.com/1149332 https://bugzilla.suse.com/1151582 https://bugzilla.suse.com/1157292 https://bugzilla.suse.com/1157893 https://bugzilla.suse.com/1158996
_______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates
|
|
|
|