Mageia 2021-0053: glibc security update
Summary
Security fixes:
- fix buffer overrun in EUC-KR conversion module [bz #2497] (CVE-2019-25013)
- arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
- arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
- iconv: Fix incorrect UCS4 inner loop bounds [BZ #26923] (CVE-2020-29562)
other upstream fixes:
- libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
- string.h: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
- misc/test-errno-linux: Handle EINVAL from quotactl
- nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976]
- Fix avx2 strncmp offset compare condition check [BZ #25933]
- AArch64: Align ENTRY to a cacheline
- AArch64: Add optimized Q-register memcpy
- AArch64: Improve backwards memmove performance
- AArch64: Rename IS_ARES to IS_NEOVERSE_N1
- AArch64: Increase small and medium cases for __memcpy_generic
- AArch64: Improve integer memcpy
- AArch64: Use __memcpy_simd on Neoverse N2/V1
- AArch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
- AArch64: fix stack missing after sp is updated
- x86-64: Avoid rep movsb with short distance [BZ #27130]
- x86: Assume --enable-cet if GCC defaults to CET [BZ #25225]
- x86: Check IFUNC definition in unrelocated executable [BZ #20019]
- x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
- Fix parsing of /sys/devices/system/cpu/online [BZ #25859]
- Use O_CLOEXEC in sysconf [BZ #26791]
References
- https://bugs.mageia.org/show_bug.cgi?id=28161
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562
Resolution
MGASA-2021-0053 - Updated glibc packages fix security vulnerability
SRPMS
- 7/core/glibc-2.29-21.mga7