Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 516
Alerts This Week
Warning Icon 1 516

openSUSE Leap 42.3: 2018-0089-1 Important glibc Security Update

opensuse
Calendar Grey January 15, 2018
Dist Opensuse Esm H88
Important patch for glibc addresses several flaws and security weaknesses affecting openSUSE platforms and their users.
An update that solves 7 vulnerabilities and has three fixes is now available.

Description

This update for glibc fixes the following issues:

- A privilege escalation bug in the realpath() function has been fixed.

[CVE-2018-1000001, bsc#1074293]

- A memory leak and a buffer overflow in the dynamic ELF loader has been

fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]

- An issue in the code handling RPATHs was fixed that could have been

exploited by an attacker to execute code loaded from arbitrary

libraries. [CVE-2017-16997, bsc#1073231]

- A potential crash caused by a use-after-free bug in pthread_create() has

been fixed. [bsc#1053188]

- A bug that prevented users to build shared objects which use the

optimized libmvec.so API has been fixed. [bsc#1070905]

- A memory leak in the glob() function has been fixed. [CVE-2017-15670,

CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]

- A bug that would lose the syscall error code value in case of crashes

has been fixed. [bsc#1063675]

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-30=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2018-30=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (i586 i686 x86_64):

glibc-2.22-10.1

glibc-debuginfo-2.22-10.1

glibc-debugsource-2.22-10.1

glibc-devel-2.22-10.1

glibc-devel-debuginfo-2.22-10.1

glibc-devel-static-2.22-10.1

glibc-locale-2.22-10.1

glibc-locale-debuginfo-2.22-10.1

glibc-profile-2.22-10.1

- openSUSE Leap 42.3 (i586 x86_64):

glibc-extra-2.22-10.1

glibc-extra-debuginfo-2.22-10.1

glibc-utils-2.22-10.1

glibc-utils-debuginfo-2.22-10.1

glibc-utils-debugsource-2.22-10.1

nscd-2.22-10.1

nscd-debuginfo-2.22-10.1

- openSUSE Leap 42.3 (x86_64):

glibc-32bit-2.22-10.1

glibc-debuginfo-32bit-2.22-10.1

glibc-devel-32bit-2.22-10.1

glibc-devel-debuginfo-32bit-2.22-10.1

glibc-devel-static-32bit-2.22-10.1

glibc-locale-32bit-2.22-10.1

glibc-locale-debuginfo-32bit-2.22-10.1

glibc-profile-32bit-2.22-10.1

glibc-utils-32bit-2.22-10.1

glibc-utils-debuginfo-32bit-2.22-10.1

- openSUSE Leap 42.3 (noarch):

glibc-html-2.22-10.1

glibc-i18ndata-2.22-10.1

glibc-info-2.22-10.1

- openSUSE Leap 42.3 (i586):

glibc-obsolete-2.22-10.1

glibc-obsolete-debuginfo-2.22-10.1

-...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-1000408.html

https://www.suse.com/security/cve/CVE-2017-1000409.html

https://www.suse.com/security/cve/CVE-2017-15670.html

https://www.suse.com/security/cve/CVE-2017-15671.html

https://www.suse.com/security/cve/CVE-2017-15804.html

https://www.suse.com/security/cve/CVE-2017-16997.html

https://www.suse.com/security/cve/CVE-2018-1000001.html

https://bugzilla.suse.com/1051042

https://bugzilla.suse.com/1053188

https://bugzilla.suse.com/1063675

https://bugzilla.suse.com/1064569

https://bugzilla.suse.com/1064580

https://bugzilla.suse.com/1064583

https://bugzilla.suse.com/1070905

https://bugzilla.suse.com/1071319

https://bugzilla.suse.com/1073231

https://bugzilla.suse.com/1074293

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:0089-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.