Security update for glibc
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930)
- CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
- CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)
- CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293)
Non security bugs fixed:
- Release read lock after resetting timeout (bsc#1073990)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Andreas Schwab (Andreas_Schwab)
Fixed bugs
bnc#1037930
VUL-0: CVE-2017-8804: glibc, sunrpc: Memory leak after deserialization failure in xdr_bytes, xdr_string
bnc#1079036
VUL-0: CVE-2018-6485, CVE-2018-6551: glibc: An integer overflow in the implementation of the posix_memalign in memalign functions could cause these functions to return a pointer to a heap area that is too small
bnc#1073990
nscd, broken netgroup cache
bnc#1051791
VUL-0: CVE-2017-12132: glibc: resolv: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks
bnc#1074293
VUL-0: CVE-2018-1000001: glibc: privilege escalation bug in glibc
