Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 34: glibc 2.33-20 Critical Alert: Wordexp Buffer Overflow

fedora
Calendar Grey July 13, 2021
Dist Fedora Esm H88
Important glibc patch released for Fedora 34 fixing buffer overflow and unauthorized read issues. Update immediately!
Auto-sync with upstream branch release/2.33/master Upstream commit: edfd11197ecf3629bbb4b66c5814da09a61a7f9f - wordexp: handle overflow in positional parameter number (swbz#...

Summary

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

Auto-sync with upstream branch release/2.33/master Upstream commit:

edfd11197ecf3629bbb4b66c5814da09a61a7f9f - wordexp: handle overflow in

positional parameter number (swbz#28011, CVE-2021-35942)

* Sun Jul 11 2021 Patsy Griffin - 2.33-20

- Auto-sync with upstream branch release/2.33/master,

commit edfd11197ecf3629bbb4b66c5814da09a61a7f9f.

- wordexp: handle overflow in positional parameter number (swbz#28011)

* Wed Jul 7 2021 Florian Weimer - 2.33-19

- Preserve .symtab in libc.so.6 and the main shared objects (#1975895)

[ 1 ] Bug #1977976 - CVE-2021-35942 glibc: Arbitrary read in wordexp() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1977976

su -c 'dnf upgrade --advisory FEDORA-2021-e14e86e40e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 2.33
Release: 20.fc34
URL:
Summary: The GNU libc libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.