-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: RHSA-2018:3092-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3092 Issue date: 2018-10-30 CVE Names: CVE-2017-16997 CVE-2018-6485 CVE-2018-11236 CVE-2018-11237 ==================================================================== 1. Summary: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1349967 - Fix warning: "IN_MODULE" redefined [enabled by default] 1349982 - Fix static analysis warnings in build-locale-archive.c. 1372304 - glibc: backport build/testing time improvements 1401665 - Fix process shared robust mutex defects. 1408964 - RFE: Add Provides: nss_db to the glibc rpm 1448107 - glibc: Add el_GR@euro, ur_IN, and wal_ET locales 1461231 - [RFE] Support OFD locking constants, but disable them for 32-bit offsets (not following upstream) (glibc) 1471405 - glibc: Define O_TMPFILE macro 1476120 - glibc headers don't include linux/falloc.h, and therefore doesn't include fallocate() flags 1505451 - pthread_barrier_init typo has in-theory-undefined behavior 1505477 - strftime_l: Fix multiline macro DO_NUMBER (GCC 8 warnings, and coverity warnings) 1505492 - glibc: Build with -Werror and -Wundef 1505500 - locale: Transliteration function may return address of local variable. 1505647 - NSCD not properly caching netgroup 1526865 - CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries 1531168 - glibc: setcontext/makecontext alignment issues on x86 1542102 - CVE-2018-6485 glibc: Integer overflow in posix_memalign in memalign functions 1560641 - sem_open - valgrind complains about uninitialised bytes 1563046 - getlogin_r: return early when linux sentinel value is set 1563747 - glibc: Adjust system call name list to Linux 4.16+ 1564638 - glibc: Fix compile-time type error in string/test-strncmp.c and other string tests 1566623 - glibc: Old-style function definitions without prototype in libio/strops.c 1579727 - glibc: Crash in __res_context_send after memory allocation failure 1581269 - CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow 1581274 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-260.el7.src.rpm x86_64: glibc-2.17-260.el7.i686.rpm glibc-2.17-260.el7.x86_64.rpm glibc-common-2.17-260.el7.x86_64.rpm glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-devel-2.17-260.el7.i686.rpm glibc-devel-2.17-260.el7.x86_64.rpm glibc-headers-2.17-260.el7.x86_64.rpm glibc-utils-2.17-260.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-static-2.17-260.el7.i686.rpm glibc-static-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-260.el7.src.rpm x86_64: glibc-2.17-260.el7.i686.rpm glibc-2.17-260.el7.x86_64.rpm glibc-common-2.17-260.el7.x86_64.rpm glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-devel-2.17-260.el7.i686.rpm glibc-devel-2.17-260.el7.x86_64.rpm glibc-headers-2.17-260.el7.x86_64.rpm glibc-utils-2.17-260.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-static-2.17-260.el7.i686.rpm glibc-static-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-260.el7.src.rpm ppc64: glibc-2.17-260.el7.ppc.rpm glibc-2.17-260.el7.ppc64.rpm glibc-common-2.17-260.el7.ppc64.rpm glibc-debuginfo-2.17-260.el7.ppc.rpm glibc-debuginfo-2.17-260.el7.ppc64.rpm glibc-debuginfo-common-2.17-260.el7.ppc.rpm glibc-debuginfo-common-2.17-260.el7.ppc64.rpm glibc-devel-2.17-260.el7.ppc.rpm glibc-devel-2.17-260.el7.ppc64.rpm glibc-headers-2.17-260.el7.ppc64.rpm glibc-utils-2.17-260.el7.ppc64.rpm nscd-2.17-260.el7.ppc64.rpm ppc64le: glibc-2.17-260.el7.ppc64le.rpm glibc-common-2.17-260.el7.ppc64le.rpm glibc-debuginfo-2.17-260.el7.ppc64le.rpm glibc-debuginfo-common-2.17-260.el7.ppc64le.rpm glibc-devel-2.17-260.el7.ppc64le.rpm glibc-headers-2.17-260.el7.ppc64le.rpm glibc-utils-2.17-260.el7.ppc64le.rpm nscd-2.17-260.el7.ppc64le.rpm s390x: glibc-2.17-260.el7.s390.rpm glibc-2.17-260.el7.s390x.rpm glibc-common-2.17-260.el7.s390x.rpm glibc-debuginfo-2.17-260.el7.s390.rpm glibc-debuginfo-2.17-260.el7.s390x.rpm glibc-debuginfo-common-2.17-260.el7.s390.rpm glibc-debuginfo-common-2.17-260.el7.s390x.rpm glibc-devel-2.17-260.el7.s390.rpm glibc-devel-2.17-260.el7.s390x.rpm glibc-headers-2.17-260.el7.s390x.rpm glibc-utils-2.17-260.el7.s390x.rpm nscd-2.17-260.el7.s390x.rpm x86_64: glibc-2.17-260.el7.i686.rpm glibc-2.17-260.el7.x86_64.rpm glibc-common-2.17-260.el7.x86_64.rpm glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-devel-2.17-260.el7.i686.rpm glibc-devel-2.17-260.el7.x86_64.rpm glibc-headers-2.17-260.el7.x86_64.rpm glibc-utils-2.17-260.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: glibc-2.17-260.el7.src.rpm aarch64: glibc-2.17-260.el7.aarch64.rpm glibc-common-2.17-260.el7.aarch64.rpm glibc-debuginfo-2.17-260.el7.aarch64.rpm glibc-devel-2.17-260.el7.aarch64.rpm glibc-headers-2.17-260.el7.aarch64.rpm glibc-utils-2.17-260.el7.aarch64.rpm nscd-2.17-260.el7.aarch64.rpm ppc64le: glibc-2.17-260.el7.ppc64le.rpm glibc-common-2.17-260.el7.ppc64le.rpm glibc-debuginfo-2.17-260.el7.ppc64le.rpm glibc-debuginfo-common-2.17-260.el7.ppc64le.rpm glibc-devel-2.17-260.el7.ppc64le.rpm glibc-headers-2.17-260.el7.ppc64le.rpm glibc-utils-2.17-260.el7.ppc64le.rpm nscd-2.17-260.el7.ppc64le.rpm s390x: glibc-2.17-260.el7.s390.rpm glibc-2.17-260.el7.s390x.rpm glibc-common-2.17-260.el7.s390x.rpm glibc-debuginfo-2.17-260.el7.s390.rpm glibc-debuginfo-2.17-260.el7.s390x.rpm glibc-debuginfo-common-2.17-260.el7.s390.rpm glibc-debuginfo-common-2.17-260.el7.s390x.rpm glibc-devel-2.17-260.el7.s390.rpm glibc-devel-2.17-260.el7.s390x.rpm glibc-headers-2.17-260.el7.s390x.rpm glibc-utils-2.17-260.el7.s390x.rpm nscd-2.17-260.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: glibc-debuginfo-2.17-260.el7.aarch64.rpm glibc-static-2.17-260.el7.aarch64.rpm ppc64le: glibc-debuginfo-2.17-260.el7.ppc64le.rpm glibc-debuginfo-common-2.17-260.el7.ppc64le.rpm glibc-static-2.17-260.el7.ppc64le.rpm s390x: glibc-debuginfo-2.17-260.el7.s390.rpm glibc-debuginfo-2.17-260.el7.s390x.rpm glibc-debuginfo-common-2.17-260.el7.s390.rpm glibc-debuginfo-common-2.17-260.el7.s390x.rpm glibc-static-2.17-260.el7.s390.rpm glibc-static-2.17-260.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-260.el7.ppc.rpm glibc-debuginfo-2.17-260.el7.ppc64.rpm glibc-debuginfo-common-2.17-260.el7.ppc.rpm glibc-debuginfo-common-2.17-260.el7.ppc64.rpm glibc-static-2.17-260.el7.ppc.rpm glibc-static-2.17-260.el7.ppc64.rpm ppc64le: glibc-debuginfo-2.17-260.el7.ppc64le.rpm glibc-debuginfo-common-2.17-260.el7.ppc64le.rpm glibc-static-2.17-260.el7.ppc64le.rpm s390x: glibc-debuginfo-2.17-260.el7.s390.rpm glibc-debuginfo-2.17-260.el7.s390x.rpm glibc-debuginfo-common-2.17-260.el7.s390.rpm glibc-debuginfo-common-2.17-260.el7.s390x.rpm glibc-static-2.17-260.el7.s390.rpm glibc-static-2.17-260.el7.s390x.rpm x86_64: glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-static-2.17-260.el7.i686.rpm glibc-static-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-260.el7.src.rpm x86_64: glibc-2.17-260.el7.i686.rpm glibc-2.17-260.el7.x86_64.rpm glibc-common-2.17-260.el7.x86_64.rpm glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-devel-2.17-260.el7.i686.rpm glibc-devel-2.17-260.el7.x86_64.rpm glibc-headers-2.17-260.el7.x86_64.rpm glibc-utils-2.17-260.el7.x86_64.rpm nscd-2.17-260.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-260.el7.i686.rpm glibc-debuginfo-2.17-260.el7.x86_64.rpm glibc-debuginfo-common-2.17-260.el7.i686.rpm glibc-debuginfo-common-2.17-260.el7.x86_64.rpm glibc-static-2.17-260.el7.i686.rpm glibc-static-2.17-260.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-16997 https://access.redhat.com/security/cve/CVE-2018-6485 https://access.redhat.com/security/cve/CVE-2018-11236 https://access.redhat.com/security/cve/CVE-2018-11237 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIUAwUBW9gSH9zjgjWX9erEAQjCCw/3aIcWInGF/cmGtgv+llNwI5FZRBSkSUoJ ZcTM2i2fNTyYd+3B91uJHlSTGxQA2uveTN3HXWlz+JKqGVsRyr4ho/OQ8Ht54KGN PRzCJtvmd657YilekcE1D718XVNZhadXgF5of1R6od+psGcXwrYgKX/N1ebGIxG5 lBvoCfQg1TmhvxHzqpFCvYdbO7BRzXMamwLcrpvB1UEP7dJ/QI409U/gu+9SSqrt erN+WGbKQr7AxdDzlW5gCAzw32VDi9+LpVOlaMnWPEgIfL4nblb7kJ5+H74B2H8m o9R1o9MdT0Ee/mVhAcrhJFNExoesEt9gcS9pCNZ0Namw8eS4m/jFrGTnw3VYonRp jRWthRTMptFjLzEpzd86zy9FSey/iSessQnxgQoSmhWVu5LbFSV23RTa5DtEBIMf cGaq8D6DugAVUNHobOuc9D8hLm+HE6XOWD4YS6rKH/yPk6RtYhGKAfTJa8PN8L1e jkHjhrp++Z3EvxeSb2O+H9XfeA5yEGg98wE+JMdXfBzS3aW9k7YAybYiCoIFrCAj PB0eMBkbvEOZmX7axwol39slcijgBUFwdT7yjpR69v3kpsdbLwY/ZzyjIolHlkav k4k3UYrmGGR4HLZ+vKp41R6W/YcWjDeT2jELSrm0OiLYJ2+FqMw1RMRnywwmRaoT Hp0HZW8lPw==iH7z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce