Univention Bugzilla – Bug 48778
glibc: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:22 CET
New Debian glibc 2.24-11+deb9u4 fixes:

This update addresses the following issues:
* Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)
* Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
* Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)
* Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)
* Memory corruption in memcpy-sse2-unaligned.S (CVE-2017-18269)
* Memory leak reachable via LD_HWCAP_MASK (CVE-2017-1000408)
* Buffer overflow triggerable via LD_LIBRARY_PATH (CVE-2017-1000409)
* Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)
* Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)
--- mirror/ftp/4.3/unmaintained/4.3-1/source/glibc_2.24-11+deb9u3.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/glibc_2.24-11+deb9u4.dsc @@ -1,3 +1,35 @@ +2.24-11+deb9u4 [Wed, 06 Feb 2019 22:17:41 +0100] Aurelien Jarno <aurel32@debian.org>: + + [ Aurelien Jarno ] + * debian/patches/git-updates.diff: update from upstream stable branch: + - Fix buffer overflow in glob with GLOB_TILDE (CVE-2017-15670). Closes: + #879501. + - Fix memory leak in glob with GLOB_TILDE (CVE-2017-15671). Closes: + #879500. + - Fix a buffer overflow in glob with GLOB_TILDE in unescaping + (CVE-2017-15804). Closes: #879955. + - Fix a memory leak in ld.so (CVE-2017-1000408). Closes: #884132. + - Fix a buffer overflow in ld.so (CVE-2017-1000409). Closes: #884133. + - Fixes incorrect RPATH/RUNPATH handling for SUID binaries + (CVE-2017-16997). Closes: #884615. + - Fix a data corruption in SSE2-optimized memmove implementation for + i386 (CVE-2017-18269). + - Fix a stack-based buffer overflow in the realpath function + (CVE-2018-11236). Closes: #899071. + - Fix a buffer overflow in the AVX-512-optimized implementation of the + mempcpy function (CVE-2018-11237). Closes: #899070. + - Fix stack guard size accounting and reduce stack usage during + unwinding to avoid segmentation faults on CPUs with AVX512-F. Closes: + #903554. + - Fix a use after free in pthread_create(). Closes: #916925. + * debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: check for + postgresql in NSS check. Closes: #710275. + + [ Sebastian Andrzej Siewior ] + * patches/any/local-condvar-do-not-use-requeue-for-pshared-condvars.patch: + patch to fix pthread_cond_wait() in the pshared case on non-x86. Closes: + #904158. + 2.24-11+deb9u3 [Sun, 14 Jan 2018 11:39:44 +0100] Aurelien Jarno <aurel32@debian.org>: [ Aurelien Jarno ] <http://10.200.17.11/4.3-3/#7607010817947337004>
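Review bot: the last two upstream items in the 2.24-11+deb9u4 entry, the stack guard size accounting fix (Closes: #903554) and the use after free in pthread_create() (Closes: #916925), carry no CVE identifier and so do not appear in the issue list in this bug's description, which enumerates CVEs only. If the erratum text in doc/errata/staging/glibc.yaml is built from that list, consider mentioning both, since the pthread_create() fix is a memory-safety change that administrators deciding on update priority would want to see. The CVE-2017-18269 line is also worded differently from the description (SSE2-optimized memmove for i386 here, memcpy-sse2-unaligned.S there); using one wording in the erratum avoids confusion when matching against the CVE record.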
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] a4395cf9fd Bug #48778: glibc 2.24-11+deb9u4
 doc/errata/staging/glibc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-3] 9ef5dec608 Bug #48778: glibc 2.24-11+deb9u4
 doc/errata/staging/glibc.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
<http://errata.software-univention.de/ucs/4.3/436.html>