Lucene search

K
oraclelinuxOracleLinuxELSA-2020-4444
HistoryNov 10, 2020 - 12:00 a.m.

glibc security, bug fix, and enhancement update

2020-11-1000:00:00
linux.oracle.com
20

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

[2.28-127.0.1]

  • add Ampere emag to tunable cpu list (Patrick McGehearty)
  • add optimized memset for emag
  • add an ASIMD variant of strlen for falkor
  • Orabug: 2700101.
  • Modify glibc-ora28849085.patch so it works with RHCK kernels.
  • Orabug: 28849085.
  • Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile
  • Both should test
  • if (stream->_flags & _IO_USER_LOCK) == 0)
  • _IO_lock_lock (*stream->_lock);
    
  • OraBug: 28481550.
    Reviewed-by: Qing Zhao
    [2.28-127]
  • Improve performance of library strstr() function (#1821531)
    [2.28-126]
  • Do not clobber errno in nss_compat (#1836867)
    [2.28-125]
  • Support building rpm under newer versions of Coverity Scan (#1835999)
    [2.28-124]
  • Enhance memory protection key support on ppc64le (#1642150)
    [2.28-123]
  • Reduce IFUNC resolver usage in libpthread and librt (#1748197)
    [2.28-122]
  • Math library optimizations for IBM Z (#1780204)
  • Additional patch for s_nearbyint.c
    [2.28-121]
  • elf: Assign TLS modid later during dlopen (#1774115)
    [2.28-120]
  • x86-64: Automatically install nss_db.i686 for 32-bit environments (#1807824)
    [2.28-119]
  • ppc64le: Enable protection key support (#1642150)
    [2.28-118]
  • ppc64le: floating-point status and exception optimizations (#1783303)
    [2.28-117]
  • Update to Linux 5.6 syscall-names.list. (#1810224)
    [2.28-116]
  • CVE-2020-1751: Fix an array overflow in backtrace on PowerPC. (#1813399)
    [2.28-115]
  • CVE:2020-1752: Fix a use after free in glob when expanding ~user. (#1813398)
    [2.28-114]
  • CVE-2020-10029: Prevent stack corruption from crafted input in cosl, sinl,
    sincosl, and tanl function. (#1811796)
    [2.28-113]
  • Improve elf/ and nptl/ testsuites (#1810223)
    [2.28-112]
  • Fix resource leak in getaddrinfo (#1810146)
    [2.28-111]
  • Protect locale archive against corruption (#1784525)
    [2.28-110]
  • Properly handle signed vs. unsigned values in mallopt (#1784520)
    [2.28-109]
  • Update and harmonize locale names with CLDR (#1757354)
    [2.28-108]
  • Fix filter and auxiliary filter implementation (#1812756)
    [2.28-107]
  • Handle .dynstr located in separate segment (#1774114)
    [2.28-106]
  • Disable vtable validation for pre-2.1 interposed handles (#1775819)
    [2.28-105]
  • Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang. (#1784519)
    [2.28-104]
  • Math library optimizations for IBM Z (#1780204)
    [2.28-103]
  • Filter ‘ignore’ autofs mount entries in getmntent (#1743445)
    [2.28-102]
  • Fix /etc/resolv.conf reloading defects (#1810142)

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

5.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

Related for ELSA-2020-4444