Security update for glibc (important)

2018-02-20T18:13:58
ID OPENSUSE-SU-2018:0494-1
Type suse
Reporter Suse
Modified 2018-02-20T18:13:58

Description

This update for glibc fixes the following issues:

Security issues fixed:

  • CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930)
  • CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791)
  • CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036)
  • CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293)

Non security bugs fixed:

  • Release read lock after resetting timeout (bsc#1073990)

This update was imported from the SUSE:SLE-12-SP2:Update update project.