Lucene search

K
oraclelinuxOracleLinuxELSA-2023-12872
HistoryOct 12, 2023 - 12:00 a.m.

glibc security update

2023-10-1200:00:00
linux.oracle.com
29
glibc security update
stack read overflow
use-after-free
rhel-8 limitation
tunables
orabug
huge pages
vdso
oracle patches

AI Score

7.7

Confidence

High

EPSS

0.016

Percentile

87.4%

[2.28-225.0.4.6]

  • CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode.
  • CVE-2203-4806: potential use-after-free in getaddrinfo.
  • CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435).
  • CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435).
    Reviewed by: Jose E. Marchesi
    [2.28-225.0.4]
  • CVE-2023-4911: tunables: Terminate immediately if end of input is reached
    Reviewed by: Jose E. Marchesi
    [2.28-225.0.3]
  • OraBug 35317410 Glibc tunable to disable huge pages on pthread_create stacks
  • Created tunable glibc.pthread.stack_hugetlb to control when hugepages
    can be used for stack allocation.
  • In case THP are enabled and glibc.pthread.stack_hugetlb is set to
    0, glibc will madvise the kernel not to use allow hugepages for stack
    allocations.
    Reviewed-by: Jose E. Marchesi
    [2.28-225.0.2]
  • OraBug: 35268809 Fixed initialization of VDSO for tcache_key_initialize
    Reviewed-by: Jose E. Marchesi
    [2.28-225.0.1]
  • Merge of Oracle patches for ol8u8 beta
    Reviewed-by: Jose E. Marchesi
    [2.28-225]
  • Enforce a specififc internal ordering for tunables (#2154914)