File _patchinfo of Package patchinfo.6642

<patchinfo incident="6642">
  <issue id="1037930" tracker="bnc">VUL-0: CVE-2017-8804: glibc, sunrpc: Memory leak after deserialization failure in xdr_bytes, xdr_string</issue>
  <issue id="1079036" tracker="bnc">VUL-0: CVE-2018-6485, CVE-2018-6551: glibc: An integer overflow in the implementation of the posix_memalign in memalign functions could cause these functions to return a pointer to a heap area that is too small</issue>
  <issue id="1073990" tracker="bnc">nscd, broken netgroup cache</issue>
  <issue id="1051791" tracker="bnc">VUL-0: CVE-2017-12132: glibc: resolv: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks</issue>
  <issue id="1074293" tracker="bnc">VUL-0: CVE-2018-1000001: glibc: privilege escalation bug in glibc</issue>
  <issue id="2017-12132" tracker="cve" />
  <issue id="2018-6551" tracker="cve" />
  <issue id="2018-6485" tracker="cve" />
  <issue id="2017-8804" tracker="cve" />
  <issue id="2018-1000001" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>Andreas_Schwab</packager>
  <description>
  
This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930)
- CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
- CVE-2018-6485, CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)
- CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293)

Non-security bugs fixed:

- Release read lock after resetting timeout (bsc#1073990)
</description>
  <summary>Security update for glibc</summary>
</patchinfo>