SUSE: 2018:2187-1 Crucial Update: Fix for glibc Buffer Overflow Issue

suse

August 3, 2018

An update that fixes 6 vulnerabilities is now available

Summary

This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580). - CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583). - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569). - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). - CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791). - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics Covered

security advisory buffer overflow memory leak attack glibc SUSE EDNS0

References

#1051791 #1064569 #1064580 #1064583 #1074293

#1094161

Cross- CVE-2017-12132 CVE-2017-15670 CVE-2017-15671

CVE-2017-15804 CVE-2018-1000001 CVE-2018-11236

Affected Products:

SUSE Linux Enterprise Server 12-LTSS

https://www.suse.com/security/cve/CVE-2017-12132.html

https://www.suse.com/security/cve/CVE-2017-15670.html

https://www.suse.com/security/cve/CVE-2017-15671.html

https://www.suse.com/security/cve/CVE-2017-15804.html

https://www.suse.com/security/cve/CVE-2018-1000001.html

https://www.suse.com/security/cve/CVE-2018-11236.html

https://bugzilla.suse.com/1051791

https://bugzilla.suse.com/1064569

https://bugzilla.suse.com/1064580

https://bugzilla.suse.com/1064583

https://bugzilla.suse.com/1074293

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2018:2187-1

Rating: important

Topics Covered

security advisory buffer overflow memory leak attack glibc SUSE EDNS0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2187-1 Crucial Update: Fix for glibc Buffer Overflow Issue

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2018:2187-1 Crucial Update: Fix for glibc Buffer Overflow Issue

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!