Security update for glibc
This update for glibc fixes the following issues:
- CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150)
- CVE-2018-11236: Fix overflow in path length computation (bsc#1094161)
- CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154)
Non security bugs fixed:
- Fix crash in resolver on memory allocation failure (bsc#1086690)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Andreas Schwab (Andreas_Schwab)
Fixed bugs
bnc#1094150
VUL-0: CVE-2017-18269: glibc: memory corruption in memcpy-sse2-unaligned.S
bnc#1086690
Partner-L3: SLES 15: getaddrinfo segfaults if malloc fails in a specific way
bnc#1094161
VUL-0: CVE-2018-11236: glibc: 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments
bnc#1094154
VUL-0: CVE-2018-11237: glibc: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library(aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer,leading to a buffer overflow in __mempcpy_avx512_n
