Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2018:3092-1 Issue Date: 2018-10-30 CVE Numbers: CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237 -- Security Fix(es): * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) -- SL7 x86_64 glibc-2.17-260.el7.i686.rpm glibc-2.17-260.el7.x86_64.rpm glibc-common-2.17-260.el7.x86_64.rpm glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-devel-2.17-260.el7.i686.rpm glibc-devel-2.17-260.el7.x86_64.rpm glibc-headers-2.17-260.el7.x86_64.rpm glibc-utils-2.17-260.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm glibc-static-2.17-260.el7.i686.rpm glibc-static-2.17-260.el7.x86_64.rpm - Scientific Linux Development Team