SUSE: 2018:1991-1 Moderate: glibc Memory Issues and Fixes
suse
July 19, 2018
An update that solves three vulnerabilities and has two fixes is now available
Summary
This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a
Topics Covered
References
#1082318 #1092877 #1094150 #1094154 #1094161
Cross- CVE-2017-18269 CVE-2018-11236 CVE-2018-11237
Affected Products:
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
https://www.suse.com/security/cve/CVE-2017-18269.html
https://www.suse.com/security/cve/CVE-2018-11236.html
https://www.suse.com/security/cve/CVE-2018-11237.html
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1092877
https://bugzilla.suse.com/1094150
https://bugzilla.suse.com/1094154
https://bugzilla.suse.com/1094161
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:1991-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!