Medium: glibc

2018-12-07T00:49:00
ID ALAS-2018-1109
Type amazon
Reporter Amazon
Modified 2018-12-07T00:49:00

Description

Issue Overview:

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237 __)

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.(CVE-2017-16997 __)

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236 __)

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485 __)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    glibc-2.17-260.175.amzn1.i686  
    glibc-common-2.17-260.175.amzn1.i686  
    glibc-headers-2.17-260.175.amzn1.i686  
    glibc-debuginfo-2.17-260.175.amzn1.i686  
    glibc-debuginfo-common-2.17-260.175.amzn1.i686  
    glibc-utils-2.17-260.175.amzn1.i686  
    glibc-static-2.17-260.175.amzn1.i686  
    nscd-2.17-260.175.amzn1.i686  
    glibc-devel-2.17-260.175.amzn1.i686

src:  
    glibc-2.17-260.175.amzn1.src

x86_64:  
    glibc-common-2.17-260.175.amzn1.x86_64  
    glibc-debuginfo-common-2.17-260.175.amzn1.x86_64  
    glibc-utils-2.17-260.175.amzn1.x86_64  
    glibc-2.17-260.175.amzn1.x86_64  
    glibc-devel-2.17-260.175.amzn1.x86_64  
    nscd-2.17-260.175.amzn1.x86_64  
    glibc-static-2.17-260.175.amzn1.x86_64  
    glibc-debuginfo-2.17-260.175.amzn1.x86_64  
    glibc-headers-2.17-260.175.amzn1.x86_64