File _patchinfo of Package patchinfo.22972

<patchinfo incident="22972">
  <category>security</category>
  <rating>important</rating>
  <packager>Andreas_Schwab</packager>
  <summary>Security update for glibc</summary>
  <issue id="1193625" tracker="bnc">VUL-0: CVE-2015-8985: glibc.i686,glibc: pop_fail_stack allows context-dependent attackers to cause a denial of service via extended regular expression processing</issue>
  <issue id="1194640" tracker="bnc">VUL-0: CVE-2021-3999: glibc: glibc: off-by-one buffer overflow/underflow in getcwd()</issue>
  <issue id="1194768" tracker="bnc">VUL-0: CVE-2022-23219: glibc.i686,glibc: stack buffer overflow in the deprecated function clnt_create in the sunrpc module</issue>
  <issue id="1194770" tracker="bnc">VUL-0: CVE-2022-23218: glibc.i686,glibc: stack buffer overflow in the deprecated function svcunix_create in the sunrpc module</issue>
  <issue id="1195560" tracker="bnc">L3-Question: pthread_rwlock_try*lock stalls ref:_00D1igLOd._5001iq9qYc:ref</issue>
  <issue id="2015-8985" tracker="cve" />
  <issue id="2021-3999" tracker="cve" />
  <issue id="2022-23218" tracker="cve" />
  <issue id="2022-23219" tracker="cve" />
  <description>
glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)

Also the following bug was fixed:

- Fix pthread_rwlock_try*lock stalls (bsc#1195560)
</description>
</patchinfo>
openSUSE Build Service is sponsored by