Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:0805-1
Issue Date:        2018-04-10
CVE Numbers:       CVE-2014-9402
                   CVE-2015-5180
                   CVE-2017-12132
                   CVE-2017-15670
                   CVE-2017-15804
                   CVE-2018-1000001
--

Security Fix(es):

* glibc: realpath() buffer underflow when getcwd() returns relative path
allows privilege escalation (CVE-2018-1000001)

* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)

* glibc: Buffer overflow during unescaping of user names with the ~
operator (CVE-2017-15804)

* glibc: denial of service in getnetbyname function (CVE-2014-9402)

* glibc: DNS resolver NULL pointer dereference with crafted record type
(CVE-2015-5180)

* glibc: Fragmentation attacks possible when EDNS0 is enabled
(CVE-2017-12132)

Additional Changes:
--

SL7
  x86_64
    glibc-2.17-222.el7.i686.rpm
    glibc-2.17-222.el7.x86_64.rpm
    glibc-common-2.17-222.el7.x86_64.rpm
    glibc-debuginfo-2.17-222.el7.i686.rpm
    glibc-debuginfo-2.17-222.el7.x86_64.rpm
    glibc-debuginfo-common-2.17-222.el7.i686.rpm
    glibc-debuginfo-common-2.17-222.el7.x86_64.rpm
    glibc-devel-2.17-222.el7.i686.rpm
    glibc-devel-2.17-222.el7.x86_64.rpm
    glibc-headers-2.17-222.el7.x86_64.rpm
    glibc-utils-2.17-222.el7.x86_64.rpm
    nscd-2.17-222.el7.x86_64.rpm
    glibc-static-2.17-222.el7.i686.rpm
    glibc-static-2.17-222.el7.x86_64.rpm

- Scientific Linux Development Team