Fedora 26: glibc Security Advisory for Memory Corruption and Escalation

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

This update addresses two security vulnerabilities: * CVE-2017-15670,

CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory

corruption in the `glob` and `glob64` function. (RHBZ#1505298, RHBZ##1504807) *

CVE-2017-16997: Check for empty tokens before dynamic string token expansion in

the dynamic linker, so that pre-existing privileged programs with `$ORIGIN`

rpaths/runpaths do not cause the dynamic linker to search the current directory,

potentially leading to privilege escalation. (RHBZ#1526866). *

CVE-2018-1000001: `getcwd` would sometimes return a non-absolute path, confusing

the `realpath` function, leading to privilege escalation in conjunction with

user namespaces. (RHBZ#1533837) In addition, this update replaces the dynamic

linker trampoline on x86-64 with a version which uses the `XSAVE` instruction if

it is available. This improves compatibility with future hardware and compilers

which do not follow the x86-64 ABI. This update also adjusts the thread stack

size accounting to provide additional stack space compared to previous glibc

versions (to avoid introducing RHBZ#1527887).

[ 1 ] Bug #1533837 - CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1533837

[ 2 ] Bug #1526866 - CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1526866

[ 3 ] Bug #1504807 - CVE-2017-15670 CVE-2017-15671 glibc: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1504807

su -c 'dnf upgrade glibc' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org