Overview

File _patchinfo of Package patchinfo.6388

<patchinfo incident="6388">
  <issue id="1064580" tracker="bnc">VUL-0: CVE-2017-15804: glibc: buffer overflow during unescaping of user names in the glob function in glob.c</issue>
  <issue id="1064583" tracker="bnc">VUL-0: glibc: CVE-2017-15670 glibc: Buffer overflow in glob with GLOB_TILDE</issue>
  <issue id="1053188" tracker="bnc">OES2018 Beta3.10: smdrd crashed during backup reliability test</issue>
  <issue id="1074293" tracker="bnc">EMU: VUL-0: *EMBARGOED*: glibc: privilege escalation bug in glibc</issue>
  <issue id="1064569" tracker="bnc">VUL-1: CVE-2017-15671: glibc: Memory leak in glob with GLOB_TILDE</issue>
  <issue id="1071319" tracker="bnc">VUL-1: CVE-2017-1000408, CVE-2017-1000409: glibc: Memory leak and a buffer overflow in the dynamic loader</issue>
  <issue id="1051042" tracker="bnc">SLES 12 iconv_open() cannot create a mapping</issue>
  <issue id="1073231" tracker="bnc">VUL-0: CVE-2017-16997: glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries</issue>
  <issue id="1063675" tracker="bnc">Save final 'error' in __nptl_setxid_error()</issue>
  <issue id="1070905" tracker="bnc">glibc: Fail to build shared objects that use libmvec.so functions.</issue>
  <issue id="2017-15670" tracker="cve" />
  <issue id="2017-15671" tracker="cve" />
  <issue id="2017-1000408" tracker="cve" />
  <issue id="2017-1000409" tracker="cve" />
  <issue id="2017-16997" tracker="cve" />
  <issue id="2017-15804" tracker="cve" />
  <issue id="2018-1000001" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>Andreas_Schwab</packager>
  <description>This update for glibc fixes the following issues:

- A privilege escalation bug in the realpath() function has been fixed.
  [CVE-2018-1000001, bsc#1074293]

- A memory leak and a buffer overflow in the dynamic ELF loader has been fixed.
  [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]

- An issue in the code handling RPATHs was fixed that could have been exploited
  by an attacker to execute code loaded from arbitrary libraries.
  [CVE-2017-16997, bsc#1073231]

- A potential crash caused by a use-after-free bug in pthread_create() has been
  fixed. [bsc#1053188]

- A bug that prevented users to build shared objects which use the optimized
  libmvec.so API has been fixed. [bsc#1070905]

- A memory leak in the glob() function has been fixed. [CVE-2017-15670,
  CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]

- A bug that would lose the syscall error code value in case of crashes has
  been fixed. [bsc#1063675]
</description>
  <summary>Security update for glibc</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places