Lucene search

K
mageiaGentoo FoundationMGASA-2021-0053
HistoryJan 24, 2021 - 3:36 a.m.

Updated glibc packages fix security vulnerability

2021-01-2403:36:09
Gentoo Foundation
advisories.mageia.org
20

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%

Security fixes: - fix buffer overrun in EUC-KR conversion module [bz #2497] (CVE-2019-25013) - arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620] - arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620] - iconv: Fix incorrect UCS4 inner loop bounds [BZ #26923] (CVE-2020-29562) other upstream fixes: - libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203] - string.h: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232] - misc/test-errno-linux: Handle EINVAL from quotactl - nss_compat: internal_end*ent may clobber errno, hiding ERANGE [BZ #25976] - Fix avx2 strncmp offset compare condition check [BZ #25933] - AArch64: Align ENTRY to a cacheline - AArch64: Add optimized Q-register memcpy - AArch64: Improve backwards memmove performance - AArch64: Rename IS_ARES to IS_NEOVERSE_N1 - AArch64: Increase small and medium cases for __memcpy_generic - AArch64: Improve integer memcpy - AArch64: Use __memcpy_simd on Neoverse N2/V1 - AArch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] - AArch64: fix stack missing after sp is updated - x86-64: Avoid rep movsb with short distance [BZ #27130] - x86: Assume --enable-cet if GCC defaults to CET [BZ #25225] - x86: Check IFUNC definition in unrelocated executable [BZ #20019] - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - Fix parsing of /sys/devices/system/cpu/online [BZ #25859] - Use O_CLOEXEC in sysconf [BZ #26791]

OSVersionArchitecturePackageVersionFilename
Mageia7noarchglibc< 2.29-21glibc-2.29-21.mga7

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.074 Low

EPSS

Percentile

94.1%