This update for glibc fixes the following issues:
- A privilege escalation bug in the realpath() function has been fixed.
[CVE-2018-1000001, bsc#1074293]
- A memory leak and a buffer overflow in the dynamic ELF loader has been fixed.
[CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]
- An issue in the code handling RPATHs was fixed that could have been exploited
by an attacker to execute code loaded from arbitrary libraries.
[CVE-2017-16997, bsc#1073231]
- A potential crash caused by a use-after-free bug in pthread_create() has been
fixed. [bsc#1053188]
- A bug that prevented users to build shared objects which use the optimized
libmvec.so API has been fixed. [bsc#1070905]
- A memory leak in the glob() function has been fixed. [CVE-2017-15670,
CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]
- A bug that would lose the syscall error code value in case of crashes has
been fixed. [bsc#1063675]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Andreas Schwab (Andreas_Schwab)
