Overview

File _patchinfo of Package patchinfo.11570

<patchinfo incident="11570">
  <issue tracker="cve" id="2009-5155"/>
  <issue tracker="cve" id="2019-9169"/>
  <issue tracker="bnc" id="1127223">VUL-1: CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service</issue>
  <issue tracker="bnc" id="1127308">VUL-0: CVE-2019-9169: glibc: heap-based buffer over-read via an attempted case-insensitive regular-expression match</issue>
  <issue tracker="bnc" id="1123710">crti.o shouldn't contain compressed debug sections</issue>
  <issue tracker="bnc" id="1131330">pthread_mutex_destroy occasionally returns EBUSY even though mutex is unlocked</issue>
  <issue tracker="bnc" id="1117993">ldconfig not parallel safe</issue>
  <packager>Andreas_Schwab</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for glibc</summary>
  <description>This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- Does no longer compress debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places