Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0805-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2014-9402
CVE-2015-5180
CVE-2017-12132
CVE-2017-15670
CVE-2017-15804
CVE-2018-1000001
—
Security Fix(es):
* glibc: realpath() buffer underflow when getcwd() returns relative path
allows privilege escalation (CVE-2018-1000001)
* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
* glibc: Buffer overflow during unescaping of user names with the ~
operator (CVE-2017-15804)
* glibc: denial of service in getnetbyname function (CVE-2014-9402)
* glibc: DNS resolver NULL pointer dereference with crafted record type
(CVE-2015-5180)
* glibc: Fragmentation attacks possible when EDNS0 is enabled
(CVE-2017-12132)
Additional Changes:
—
SL7
x86_64
glibc-2.17-222.el7.i686.rpm
glibc-2.17-222.el7.x86_64.rpm
glibc-common-2.17-222.el7.x86_64.rpm
glibc-debuginfo-2.17-222.el7.i686.rpm
glibc-debuginfo-2.17-222.el7.x86_64.rpm
glibc-debuginfo-common-2.17-222.el7.i686.rpm
glibc-debuginfo-common-2.17-222.el7.x86_64.rpm
glibc-devel-2.17-222.el7.i686.rpm
glibc-devel-2.17-222.el7.x86_64.rpm
glibc-headers-2.17-222.el7.x86_64.rpm
glibc-utils-2.17-222.el7.x86_64.rpm
nscd-2.17-222.el7.x86_64.rpm
glibc-static-2.17-222.el7.i686.rpm
glibc-static-2.17-222.el7.x86_64.rpm
– Scientific Linux Development Team
