
Fedora 28: 2018-916dfe0d86 Moderate: glibc Buffer Overflow

May 27, 2018
This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246)

Summary

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246). It also addresses a security vulnerability in the `mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237, RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream patches (RHBZ#1452750).

* Thu May 24 2018 Florian Weimer - 2.27-15
- Rebuild to add back .symtab section in ld.so (#1570246)
- Switch to upstream version of libidn2 removal (#1452750)
- Auto-sync with upstream branch release/2.27/master,
  commit 50df56ca86a281c8fd99a8100aac75539813788d:
- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)

* Thu May 17 2018 Florian Weimer - 2.27-14
- Do not run telinit u on upgrades (#1579225)

* Tue May 15 2018 Florian Weimer - 2.27-13
- Auto-sync with upstream branch release/2.27/master,
  commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606:
- sunrpc: Remove stray exports (#1577210)
- gd_GB: Fix typo in abbreviated "May" (swbz#23152)
- realpath: Fix path length overflow (swbz#22786)
- elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419)
- resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)
- manual: Various fixes to the mbstouwcs example, and mbrtowc update
- getlogin_r: return early when linux sentinel value is set
- resolv: Fix crash in resolver on memory allocation failure (swbz#23005)
- Fix signed integer overflow in random_r (swbz#17343)
- RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069)

* Fri May 11 2018 Florian Weimer - 2.27-12
- Unconditionally build downstream with -mstackrealign for now

* Fri May 11 2018 Florian Weimer - 2.27-11
- Inherit compiler flags in the original order

* Fri May 11 2018 Florian Weimer - 2.27-10
- Inherit the -mstackrealign flag if it is set

* Fri May 11 2018 Florian Weimer - 2.27-9
- Use /usr/bin/python3 for benchmarks scripts (#1577223)

[ 1 ] Bug #1452750 - glibc: switch to libidn2
https://bugzilla.redhat.com/show_bug.cgi?id=1452750

[ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1581275

[ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora]
https://bugzilla.redhat.com/show_bug.cgi?id=1570246

Run `su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86'` at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
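
To confirm that a host actually carries the CVE-2018-11237 fix after the upgrade, the package changelog can be checked against the installed release. The script below is an added example, not part of the Fedora advisory; the function names `fixed_in` and `is_patched` are hypothetical, the sample changelog is constructed from the entries quoted on this page, and GNU `sort -V` is assumed as a stand-in for RPM version ordering.

```sh
#!/bin/sh
# Added example (not from the advisory). Sample data is constructed from the
# changelog entries quoted on this page.
SAMPLE_CHANGELOG='* Thu May 24 2018 Florian Weimer - 2.27-15
- Rebuild to add back .symtab section in ld.so (#1570246)
- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)

* Thu May 17 2018 Florian Weimer - 2.27-14
- Do not run telinit u on upgrades (#1579225)'

# fixed_in CVE: read RPM changelog text on stdin and print the version-release
# of the oldest entry mentioning CVE. Returns non-zero if it is never mentioned.
fixed_in() {
  awk -v cve="$1" '
    /^\* /         { ver = $NF }      # entry header ends in "- 2.27-15"
    index($0, cve) { found = ver }    # newest first, so the last hit is the oldest
    END            { if (found == "") exit 1; print found }
  '
}

# is_patched INSTALLED FIXED: succeed when INSTALLED >= FIXED.
# Assumption: GNU "sort -V" stands in for RPM version ordering, which holds for
# plain numeric version-release strings without an epoch, as used here.
is_patched() {
  ip_installed=${1%.fc*}              # drop a dist tag such as ".fc28"
  ip_fixed=${2%.fc*}
  ip_lowest=$(printf '%s\n%s\n' "$ip_installed" "$ip_fixed" | sort -V | head -n 1)
  [ "$ip_lowest" = "$ip_fixed" ]
}

# Demo on the constructed sample. On a real host, feed fixed_in from
#   rpm -q --changelog glibc
# and take the installed value from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc
fixed=$(printf '%s\n' "$SAMPLE_CHANGELOG" | fixed_in CVE-2018-11237)
echo "CVE-2018-11237 first listed in glibc $fixed"
for v in 2.27-14.fc28 2.27-15.fc28; do
  if is_patched "$v" "$fixed"; then
    echo "$v: includes the fix"
  else
    echo "$v: predates the fix; apply advisory FEDORA-2018-916dfe0d86"
  fi
done
```
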

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/


Severity: important

Product: Fedora 28
Version: 2.27
Release: 15.fc28
Summary: The GNU libc libraries
