Fedora 27 Glibc: 2018-7714b514e2 Moderate Privilege Escalation Risks

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

This update addresses two security vulnerabilities: * CVE-2017-16997: Check for

empty tokens before dynamic string token expansion in the dynamic linker, so

that pre-existing privileged programs with `$ORIGIN` rpaths/runpaths do not

cause the dynamic linker to search the current directory, potentially leading to

privilege escalation. (RHBZ#1526866). * CVE-2018-1000001: `getcwd` would

sometimes return a non-absolute path, confusing the `realpath` function, leading

to privilege escalation in conjunction with user namespaces. (RHBZ#1533837) In

addition, this update changes the thread stack size accounting to provide

additional stack space compared to previous glibc versions. For some

applications (`nptd` in particular), the `PTHREAD_STACK_MIN` stack size was too

small on x86-64 machines with AVX-512 support (RHBZ#1527887).

[ 1 ] Bug #1526866 - CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1526866

[ 2 ] Bug #1533837 - CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1533837

[ 3 ] Bug #1527887 - glibc: PTHREAD_STACK_MIN is too small on x86-64

https://bugzilla.redhat.com/show_bug.cgi?id=1527887

su -c 'dnf upgrade glibc' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org