glibc-2.17-260.el7

エラータID: AXSA:2019-3623:01

Release date: 
Friday, February 15, 2019 - 15:34
Subject: 
glibc-2.17-260.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)

* glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485)

* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)

* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2017-16997
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through
2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged
(setuid or AT_SECURE) program, which allows local users to gain
privileges via a Trojan horse library in the current working directory,
related to the fillin_rpath and decompose_rpath functions. This is
associated with misinterpretion of an empty RPATH/RUNPATH token as the
"./" directory. NOTE: this configuration of RPATH/RUNPATH for a
privileged program is apparently very uncommon; most likely, no such
program is shipped with any common Linux distribution.
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27
and earlier, when processing very long pathname arguments to the
realpath function, could encounter an integer overflow on 32-bit
architectures, leading to a stack-based buffer overflow and,
potentially, arbitrary code execution.
CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU
C Library (aka glibc or libc6) 2.27 and earlier may write data beyond
the target buffer, leading to a buffer overflow in
__mempcpy_avx512_no_vzeroupper.
CVE-2018-6485
An integer overflow in the implementation of the posix_memalign in
memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and
earlier could cause these functions to return a pointer to a heap area
that is too small, potentially leading to heap corruption.

Solution: 

Update packages.

CVEs: 
CVE-2017-16997
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVE-2018-6485
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Additional Info: 

N/A

Download: 

SRPMS
  1. glibc-2.17-260.el7.src.rpm
    MD5: 420a0934b22da12918b35374d0b36b58
    SHA-256: 5971939e6a6ad3250951496de917aac4a86a303a536870e45eb60385b40c0135
    Size: 25.03 MB

Asianux Server 7 for x86_64
  1. glibc-2.17-260.el7.x86_64.rpm
    MD5: 4c44d113e9cf697a01832eec17801884
    SHA-256: 7a704fd984c96822a92cba6bdcc78a5002697f81af137899ac8a37eaabd5685c
    Size: 3.63 MB
  2. glibc-common-2.17-260.el7.x86_64.rpm
    MD5: 6ae06c1021a47842234d52363dcc63a5
    SHA-256: 830947d997c5761275c2cae8c84f21e28fa01b2b25fa5b80dd85c979bae90f32
    Size: 11.49 MB
  3. glibc-devel-2.17-260.el7.x86_64.rpm
    MD5: 2bd6d31d3c7372d42c8e8310a93a3cf7
    SHA-256: 76ab6c83c36fd13fcf84f3b605d2ae9338baf3b1616490148226ad4aa82bcc63
    Size: 1.07 MB
  4. glibc-headers-2.17-260.el7.x86_64.rpm
    MD5: 23759a3ff624adea023f5c7c89b09909
    SHA-256: bd4464b918b23cdd52890fa1bae6135a078aec621d9cae74c1995e4af499397b
    Size: 682.09 kB
  5. glibc-utils-2.17-260.el7.x86_64.rpm
    MD5: 085318596f733885f914bf234fe8c9bf
    SHA-256: 747cce0c189e121a540379e3e5d9f642f7e7aee7f1c1d252316a7c29f3a74bd3
    Size: 220.97 kB
  6. nscd-2.17-260.el7.x86_64.rpm
    MD5: b962de7b5be4a543f63b04e5b9a22166
    SHA-256: 40f4a76c2a6c1b14f3e226f33fc51cbba8a054772d461cdef38ce0c07bec029f
    Size: 279.77 kB
  7. glibc-2.17-260.el7.i686.rpm
    MD5: 5adb2107162a4631b2d6ff057cf13852
    SHA-256: 8efe2c449f52cf26cf4dfac868a15fd971100af2c8c77b16d983aa4f7f483f22
    Size: 4.25 MB
  8. glibc-devel-2.17-260.el7.i686.rpm
    MD5: 40a20bb7e5420f4b12d088c69a2ebacb
    SHA-256: 114e38bb9e44b8f3c25cb77df1814643a42b2b48f86427390fde5908fedcfab8
    Size: 1.07 MB