Linux Security

    Mageia 2021-0053: glibc security update

    Date 23 Jan 2021
    Posted By LinuxSecurity Advisories
    MGASA-2021-0053 - Updated glibc packages fix security vulnerability
    
    Publication date: 24 Jan 2021
    URL: https://advisories.mageia.org/MGASA-2021-0053.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2019-25013,
         CVE-2020-6096,
         CVE-2020-29562
    
    Security fixes:
    - fix buffer overrun in EUC-KR conversion module [bz #2497] (CVE-2019-25013)
    - arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
    - arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
    - iconv: Fix incorrect UCS4 inner loop bounds [BZ #26923] (CVE-2020-29562)
    Other upstream fixes:
    - libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
    - string.h: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
    - misc/test-errno-linux: Handle EINVAL from quotactl
    - nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
    - Fix avx2 strncmp offset compare condition check [BZ #25933]
    - AArch64: Align ENTRY to a cacheline
    - AArch64: Add optimized Q-register memcpy
    - AArch64: Improve backwards memmove performance
    - AArch64: Rename IS_ARES to IS_NEOVERSE_N1
    - AArch64: Increase small and medium cases for __memcpy_generic
    - AArch64: Improve integer memcpy
    - AArch64: Use __memcpy_simd on Neoverse N2/V1
    - AArch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
    - AArch64: fix stack missing after sp is updated
    - x86-64: Avoid rep movsb with short distance [BZ #27130]
    - x86: Assume --enable-cet if GCC defaults to CET [BZ #25225]
    - x86: Check IFUNC definition in unrelocated executable [BZ #20019]
    - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
    - Fix parsing of /sys/devices/system/cpu/online [BZ #25859]
    - Use O_CLOEXEC in sysconf [BZ #26791]
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=28161
    - https://lists.fedoraproject.org/archives/list/[list address obscured by e-mail protection]/thread/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562
    
    SRPMS:
    - 7/core/glibc-2.29-21.mga7
    
