LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Moderate: glibc security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:3092-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2017-16997
                   CVE-2018-6485
                   CVE-2018-11236
                   CVE-2018-11237
--

Security Fix(es):

* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to
execute code loaded from arbitrary libraries (CVE-2017-16997)

* glibc: Integer overflow in posix_memalign in memalign functions
(CVE-2018-6485)

* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures
leading to stack-based buffer overflow (CVE-2018-11236)

* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper
(CVE-2018-11237)
--

SL7
  x86_64
    glibc-2.17-260.el7.i686.rpm
    glibc-2.17-260.el7.x86_64.rpm
    glibc-common-2.17-260.el7.x86_64.rpm
    glibc-debuginfo-2.17-260.el7.i686.rpm
    glibc-debuginfo-2.17-260.el7.x86_64.rpm
    glibc-debuginfo-common-2.17-260.el7.i686.rpm
    glibc-debuginfo-common-2.17-260.el7.x86_64.rpm
    glibc-devel-2.17-260.el7.i686.rpm
    glibc-devel-2.17-260.el7.x86_64.rpm
    glibc-headers-2.17-260.el7.x86_64.rpm
    glibc-utils-2.17-260.el7.x86_64.rpm
    nscd-2.17-260.el7.x86_64.rpm
    glibc-static-2.17-260.el7.i686.rpm
    glibc-static-2.17-260.el7.x86_64.rpm

- Scientific Linux Development Team