Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

SciLinux: SLSA-2018-3092-1 Moderate: glibc Code Execution and Overflow

Scientific Large Esm H446
glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vze [More...]
Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:3092-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2017-16997
                   CVE-2018-6485
                   CVE-2018-11236
                   CVE-2018-11237
--

Security Fix(es):

* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to
execute code loaded from arbitrary libraries (CVE-2017-16997)

* glibc: Integer overflow in posix_memalign in memalign functions
(CVE-2018-6485)

* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures
leading to stack-based buffer overflow (CVE-2018-11236)

* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper
(CVE-2018-11237)
--

SL7
  x86_64
    glibc-2.17-260.el7.i686.rpm
    glibc-2.17-260.el7.x86_64.rpm
    glibc-common-2.17-260.el7.x86_64.rpm
    glibc-debuginfo-2.17-260.el7.i686.rpm
    glibc-debuginfo-2.17-260.el7.x86_64.rpm
    glibc-debuginfo-common-2.17-260.el7.i686.rpm
    glibc-debuginfo-common-2.17-260.el7.x86_64.rpm
    glibc-devel-2.17-260.el7.i686.rpm
    glibc-devel-2.17-260.el7.x86_64.rpm
    glibc-headers-2.17-260.el7.x86_64.rpm
    glibc-utils-2.17-260.el7.x86_64.rpm
    nscd-2.17-260.el7.x86_64.rpm
    glibc-static-2.17-260.el7.i686.rpm
    glibc-static-2.17-260.el7.x86_64.rpm

- Scientific Linux Development Team