Sicherheit: Ausführen beliebiger Kommandos in glibc

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2021-6749bfcfd9
2021-03-19 19:51:22.364960
-------------------------------------------------------------------------------
-

Name : glibc
Product : Fedora 34
Version : 2.33
Release : 5.fc34
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

This update adds a `--list-diagnostics` argument to the dynamic loader. It also
contains the following bug fixes: * NSS modules are loaded again after `chroot
`([swbz#27389](https://sourceware.org/bugzilla/show_bug.cgi?id=27389)). *
CVE-2021-27645: Use-after-free in `addgetnetgrentX` function in
`netgroupcache.c` (RHBZ#1932590) * `ldconfig` crash with dynamic tokens in
`LD_LIBRARY_PATH` (RHBZ#1609351) * An LTP test failure for
`pthread_cond_destroy` ([swbz#27304](
https://sourceware.org/bugzilla/show_bug.cgi?id=27304))
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 16 2021 Florian Weimer <fweimer@redhat.com> - 2.33-5
- Import patches from the upstream glibc 2.33 branch, up to commit
db32fc27e7bdfb5468200a94e9152bcc1c971d25:
- test-container: Always copy test-specific support files [BZ #27537]
- nptl: Remove private futex optimization [BZ #27304]
- pthread_once hangs when init routine throws an exception [BZ #18435]
- elf: ld.so --help calls _dl_init_paths without a main map (#1609351)
- elf: Always set l in _dl_init_paths (bug 23462)
- x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444]
- io: Return EBAFD for negative file descriptor on fstat (BZ #27559)
- nscd: Fix double free in netgroupcache [BZ #27462]
- x86: Set minimum x86-64 level marker [BZ #27318]
* Thu Mar 4 2021 Florian Weimer <fweimer@redhat.com> - 2.33-4
- Import patch from the upstream glibc 2.33 branch, up to commit
3e880d733753183696d1a81c34caef3a9add2b0c.
- nss: Re-enable NSS module loading after chroot [BZ #27389]
* Tue Mar 2 2021 Florian Weimer <fweimer@redhat.com> - 2.33-3
- Import patches from the upstream glibc 2.33 branch, up to commit
71b2463f6178a6097532dcfe8948bffbe2376dfb.
- x86: Add CPU-specific diagnostics to ld.so --list-diagnostics
- x86: Automate generation of PREFERRED_FEATURE_INDEX_1 bitfield
- ld.so: Implement the --list-diagnostics option
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-6749bfcfd9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure