SCIENTIFIC-LINUX-ERRATA Archives

February 2021

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Tue, 2 Feb 2021 16:50:11 -0000

Synopsis:          Moderate: glibc security and bug fix update
Advisory ID:       SLSA-2021:0348-1
Issue Date:        2021-02-02
CVE Numbers:       CVE-2020-10029
                   CVE-2020-29573
                   CVE-2019-25013
--

Security Fix(es):

* glibc: buffer over-read in iconv when processing invalid multi-byte
input sequences in the EUC-KR encoding (CVE-2019-25013)

* glibc: stack corruption from crafted input in cosl, sinl, sincosl, and
tanl functions (CVE-2020-10029)

* glibc: stack-based buffer overflow if the input to any of the printf
family of functions is an 80-bit long double with a non-canonical bit
pattern (CVE-2020-29573)

Bug Fix(es):

* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with
large device and inode numbers

* glibc: Performance regression in ebizzy benchmark
--

SL7
  x86_64
    glibc-2.17-322.el7_9.i686.rpm
    glibc-2.17-322.el7_9.x86_64.rpm
    glibc-common-2.17-322.el7_9.x86_64.rpm
    glibc-debuginfo-2.17-322.el7_9.i686.rpm
    glibc-debuginfo-2.17-322.el7_9.x86_64.rpm
    glibc-debuginfo-common-2.17-322.el7_9.i686.rpm
    glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm
    glibc-devel-2.17-322.el7_9.i686.rpm
    glibc-devel-2.17-322.el7_9.x86_64.rpm
    glibc-headers-2.17-322.el7_9.x86_64.rpm
    glibc-utils-2.17-322.el7_9.x86_64.rpm
    nscd-2.17-322.el7_9.x86_64.rpm
    glibc-static-2.17-322.el7_9.i686.rpm
    glibc-static-2.17-322.el7_9.x86_64.rpm

- Scientific Linux Development Team
