Errata ID: AXSA:2018-2926:01

Release date: Wednesday, April 18, 2018 - 14:19
Affected Channels: Asianux Server 7 for x86_64

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)

* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)

* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)

* glibc: denial of service in getnetbyname function (CVE-2014-9402)

* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)

* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank halfdog for reporting CVE-2018-1000001. The CVE-2015-5180 issue was discovered by Florian Weimer (Asianux Product Security).

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.

* CVE-2014-9402: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.

* CVE-2015-5180: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

* CVE-2017-12132: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

* CVE-2017-15670: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

* CVE-2017-15804: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

* CVE-2018-1000001: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer, leading to a buffer underflow and potential code execution.


Update packages.
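
Added example (not part of the Asianux advisory): a shell triage that compares an installed glibc version-release with the fixed 2.17-222.el7 from the package list and checks whether the resolver configuration enables EDNS0, the condition named for CVE-2017-12132. It assumes GNU sort -V as a stand-in for rpm's version ordering and that EDNS0 is switched on through the resolv.conf "options edns0" keyword; the function names and the sample values are constructed.

```shell
#!/bin/sh
# Added example: triage a host against this advisory (function names are hypothetical).
FIXED="2.17-222.el7"   # version-release of the fixed glibc packages in this advisory

# Return 0 if version-release $1 sorts before $FIXED.
# Assumption: GNU `sort -V` ordering approximates rpm's own comparison.
older_than_fix() {
    [ "$1" = "$FIXED" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# Return 0 if the resolv.conf-style file $1 has an "options" line carrying
# the "edns0" keyword. Commented-out lines do not match.
edns0_enabled() {
    awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "edns0") found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Print one triage line for installed version-release $1 and resolver file $2.
triage() {
    if ! older_than_fix "$1"; then
        echo "glibc $1: at or above $FIXED"
    elif edns0_enabled "$2"; then
        echo "glibc $1: update needed; EDNS0 enabled (CVE-2017-12132 precondition)"
    else
        echo "glibc $1: update needed"
    fi
}

# Demo on constructed input (not taken from a real host).
# On a live system, pass /etc/resolv.conf and the lowest installed build:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | sort -V | head -n 1
sample=$(mktemp)
printf 'nameserver 192.0.2.53\noptions timeout:2 edns0\n' > "$sample"
triage "2.17-196.el7" "$sample"
rm -f "$sample"
```

The other issues in this advisory have no configuration precondition to test for in this way, so an "update needed" result applies to them regardless of the EDNS0 setting.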

Additional Info: 



  1. glibc-2.17-222.el7.src.rpm
    Size: 24.51 MB

Asianux Server 7 for x86_64
  1. glibc-2.17-222.el7.x86_64.rpm
    Size: 3.63 MB
  2. glibc-common-2.17-222.el7.x86_64.rpm
    Size: 11.49 MB
  3. glibc-devel-2.17-222.el7.x86_64.rpm
    Size: 1.06 MB
  4. glibc-headers-2.17-222.el7.x86_64.rpm
    Size: 677.38 kB
  5. glibc-utils-2.17-222.el7.x86_64.rpm
    Size: 216.48 kB
  6. nscd-2.17-222.el7.x86_64.rpm
    Size: 275.39 kB
  7. glibc-2.17-222.el7.i686.rpm
    Size: 4.24 MB
  8. glibc-devel-2.17-222.el7.i686.rpm
    Size: 1.06 MB