Security update for glibc (important)

2018-01-12T15:10:02
ID SUSE-SU-2018:0074-1
Type suse
Reporter Suse
Modified 2018-01-12T15:10:02

Description

This update for glibc fixes the following issues:

  • A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]

  • A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]

  • An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231]

  • A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188]

  • A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905]

  • A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]

  • A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675]