SUSE-SU-2018:2185-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2185-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:2185-1
- Related
- Published
- 2018-08-03T13:49:12Z
- Modified
- 2018-08-03T13:49:12Z
- Summary
- Security update for glibc
- Details
-
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580).
- CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583).
- CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569).
- CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161).
- CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791).
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20182185-1/
- https://bugzilla.suse.com/1051791
- https://bugzilla.suse.com/1064569
- https://bugzilla.suse.com/1064580
- https://bugzilla.suse.com/1064583
- https://bugzilla.suse.com/1094161
- https://www.suse.com/security/cve/CVE-2017-12132
- https://www.suse.com/security/cve/CVE-2017-15670
- https://www.suse.com/security/cve/CVE-2017-15671
- https://www.suse.com/security/cve/CVE-2017-15804
- https://www.suse.com/security/cve/CVE-2018-11236
Affected packages
SUSE:Linux Enterprise Server for SAP Applications 12 SP1 / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.19-40.16.950
Ecosystem specific
{
"binaries": [
{
"glibc-devel-32bit": "2.19-40.16.950",
"glibc-html": "2.19-40.16.950",
"glibc-locale-32bit": "2.19-40.16.950",
"glibc-info": "2.19-40.16.950",
"glibc-devel": "2.19-40.16.950",
"glibc-i18ndata": "2.19-40.16.950",
"glibc-profile": "2.19-40.16.950",
"glibc-locale": "2.19-40.16.950",
"nscd": "2.19-40.16.950",
"glibc-32bit": "2.19-40.16.950",
"glibc-profile-32bit": "2.19-40.16.950",
"glibc": "2.19-40.16.950"
}
]
}
SUSE:Linux Enterprise Server 12 SP1-LTSS / glibc
Package
- Name
- glibc
- Purl
- purl:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.19-40.16.950
Ecosystem specific
{
"binaries": [
{
"glibc-devel-32bit": "2.19-40.16.950",
"glibc-html": "2.19-40.16.950",
"glibc-locale-32bit": "2.19-40.16.950",
"glibc-info": "2.19-40.16.950",
"glibc-devel": "2.19-40.16.950",
"glibc-i18ndata": "2.19-40.16.950",
"glibc-profile": "2.19-40.16.950",
"glibc-locale": "2.19-40.16.950",
"nscd": "2.19-40.16.950",
"glibc-32bit": "2.19-40.16.950",
"glibc-profile-32bit": "2.19-40.16.950",
"glibc": "2.19-40.16.950"
}
]
}