Synopsis:          Moderate: glibc security, bug fix, and enhancement update

Advisory ID:       SLSA-2018:3092-1

Issue Date:        2018-10-30

CVE Numbers:       CVE-2017-16997

                   CVE-2018-6485

                   CVE-2018-11236

                   CVE-2018-11237

--



Security Fix(es):



* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to

execute code loaded from arbitrary libraries (CVE-2017-16997)



* glibc: Integer overflow in posix_memalign in memalign functions

(CVE-2018-6485)



* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures

leading to stack-based buffer overflow (CVE-2018-11236)



* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper

(CVE-2018-11237)

--



SL7

  x86_64

    glibc-2.17-260.el7.i686.rpm

    glibc-2.17-260.el7.x86_64.rpm

    glibc-common-2.17-260.el7.x86_64.rpm

    glibc-debuginfo-2.17-260.el7.i686.rpm

    glibc-debuginfo-2.17-260.el7.x86_64.rpm

    glibc-debuginfo-common-2.17-260.el7.i686.rpm

    glibc-debuginfo-common-2.17-260.el7.x86_64.rpm

    glibc-devel-2.17-260.el7.i686.rpm

    glibc-devel-2.17-260.el7.x86_64.rpm

    glibc-headers-2.17-260.el7.x86_64.rpm

    glibc-utils-2.17-260.el7.x86_64.rpm

    nscd-2.17-260.el7.x86_64.rpm

    glibc-static-2.17-260.el7.i686.rpm

    glibc-static-2.17-260.el7.x86_64.rpm



- Scientific Linux Development Team