Fedora 31: glibc FEDORA-2020-1a3bdfde17

    Date 20 Jan 2020
    358
    Posted By LinuxSecurity Advisories
    This update fixes a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC` not ignored in setuid binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682) and addresses are long-standing bug where missing shared objects could cause crashes due to incorrectly handled `dlopen` failures (RHBZ#1395758). The latter fix also causes
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-1a3bdfde17
    2020-01-20 22:48:10.259348
    --------------------------------------------------------------------------------
    
    Name        : glibc
    Product     : Fedora 31
    Version     : 2.30
    Release     : 10.fc31
    URL         : https://www.gnu.org/software/glibc/
    Summary     : The GNU libc libraries
    Description :
    The glibc package contains standard libraries which are used by
    multiple programs on the system. In order to save disk space and
    memory, as well as to make upgrading easier, common system code is
    kept in one place and shared between programs. This particular package
    contains the most important sets of shared libraries: the standard C
    library and the standard math library. Without these two libraries, a
    Linux system will not function.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update fixes a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC`
    not ignored in setuid
    binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682) and addresses are
    long-standing bug where missing shared objects could cause crashes due to
    incorrectly handled `dlopen` failures (RHBZ#1395758). The latter fix also causes
    lazy binding failures in ELF constructors and destructors to result in process
    termination (the same effect that lazy binding failures have in other contexts),
    rather than leaving the process in an inconsistent state. Furthermore, various
    issues in the `utmp`/`utmpx` subsystem have been addressed.  This update also
    includes various minor fixes from the glibc 2.30 upstream stable release branch.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Fri Jan 17 2020 Florian Weimer  - 2.30-10
    - Fix dynamic loader crash after dlopen failure with NODELETE (#1395758)
    - Lazy binding failures during ELF constructors and destructors now always
      terminate the process.
    * Fri Jan 17 2020 Florian Weimer  - 2.30-9
    - Auto-sync with upstream branch release/2.30/master,
      commit 994e529a37953a057b9e6c80afa03b03fd3724f2:
    - Remove incorrect alloc_size attribute from pvalloc (swbz#25401)
    - login: Use pread64 in utmp implementation
    - Add nocancel version of pread64()
    - login: Introduce matches_last_entry to utmp processing
    - login: Acquire write lock early in pututline (swbz#24882)
    - login: Add nonstring attributes to struct utmp, struct utmpx (swbz#24899)
    - login: Remove double-assignment of fl.l_whence in try_file_lock
    - login: pututxline could fail to overwrite existing entries (swbz#24902)
    - login: Use struct flock64 in utmp (swbz#24880)
    - login: Disarm timer after utmp lock acquisition (swbz#24879)
    - login: Fix updwtmp, updwtmx unlocking
    - login: Replace macro-based control flow with function calls in utmp
    - login: Assume that _HAVE_UT_* constants are true
    - login: Remove utmp backend jump tables (swbz#23518)
    - misc/test-errno-linux: Handle EINVAL from quotactl
    - : Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang (swbz#25232)
    - x86: Assume --enable-cet if GCC defaults to CET (swbz#25225)
    - libio: Disable vtable validation for pre-2.1 interposed handles (swbz#25203)
    - S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant. (swbz#25226)
    - rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC
      (CVE-2019-19126) (#1774682)
    - Don't use a custom wrapper macro around __has_include (swbz#25189)
    * Wed Dec  4 2019 Arjun Shankar  - 2.30-8
    - Rebuild to fix corrupt annobin data in crti.o and crtn.o [BZ# 1779399]
    * Tue Nov 19 2019 Arjun Shankar  - 2.30-7
    - Auto-sync with upstream branch release/2.30/master,
      commit 919af705eef416f4469341dfdf4ca23450f30236:
    - Update Alpha libm-test-ulps
    - hppa: Update libm-tests-ulps
    - alpha: force old OSF1 syscalls for getegid, geteuid and getppid [BZ #24986]
    - Fix RISC-V vfork build with Linux 5.3 kernel headers.
    - S390: Add new s390 platform z15.
    - Make tst-strftime2 and tst-strftime3 depend on locale generation
    - mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels
    - malloc: Fix missing accounting of top chunk in malloc_info [BZ #24026]
    - Add glibc.malloc.mxfast tunable
    - malloc: Various cleanups for malloc/tst-mxfast
    - Base max_fast on alignment, not width, of bins (Bug 24903)
    * Mon Sep 30 2019 Florian Weimer  - 2.30-6
    - Set the expects flags to clock_nanosleep (#1473680)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1395758 - glibc: incomplete rollback of dynamic linker state on linking failure
            https://bugzilla.redhat.com/show_bug.cgi?id=1395758
      [ 2 ] Bug #1774682 - CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries [fedora-all]
            https://bugzilla.redhat.com/show_bug.cgi?id=1774682
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-1a3bdfde17' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"3","type":"x","order":"1","pct":42.86,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"2","type":"x","order":"3","pct":28.57,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.