Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0805-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2014-9402
             CVE-2015-5180
             CVE-2017-12132
             CVE-2017-15670
             CVE-2017-15804
             CVE-2018-1000001
--

Security Fix(es):

* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)

* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)

* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)

* glibc: denial of service in getnetbyname function (CVE-2014-9402)

* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)

* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)

Additional Changes:
--

SL7
  x86_64
    glibc-2.17-222.el7.i686.rpm
    glibc-2.17-222.el7.x86_64.rpm
    glibc-common-2.17-222.el7.x86_64.rpm
    glibc-debuginfo-2.17-222.el7.i686.rpm
    glibc-debuginfo-2.17-222.el7.x86_64.rpm
    glibc-debuginfo-common-2.17-222.el7.i686.rpm
    glibc-debuginfo-common-2.17-222.el7.x86_64.rpm
    glibc-devel-2.17-222.el7.i686.rpm
    glibc-devel-2.17-222.el7.x86_64.rpm
    glibc-headers-2.17-222.el7.x86_64.rpm
    glibc-utils-2.17-222.el7.x86_64.rpm
    nscd-2.17-222.el7.x86_64.rpm
    glibc-static-2.17-222.el7.i686.rpm
    glibc-static-2.17-222.el7.x86_64.rpm

- Scientific Linux Development Team