-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: glibc security, bug fix, and enhancement update Advisory ID: RHSA-2020:3861-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3861 Issue date: 2020-09-29 CVE Names: CVE-2019-19126 ==================================================================== 1. Summary: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1763325 - argp.h kills __attribute__, causing gcc 4.8.5 with -std=c++ results in compile / link errors for __gthrw_pthread_mutex_* functions 1772307 - glibc: Measured performance loss in lmbench for bcopy on Haswell processor 1774681 - CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries 1775816 - glibc: Disable libio vtable validation for interposed pre-2.1 stdio handles [rhel-7] 1795573 - glibc: Remove problematic Obsoletes: from the spec file 1834816 - glibc: internal_end*ent in nss_compat may clobber errno, hiding ERANGE 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-317.el7.src.rpm x86_64: glibc-2.17-317.el7.i686.rpm glibc-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-devel-2.17-317.el7.i686.rpm glibc-devel-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm glibc-utils-2.17-317.el7.x86_64.rpm nscd-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-static-2.17-317.el7.i686.rpm glibc-static-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-317.el7.src.rpm x86_64: glibc-2.17-317.el7.i686.rpm glibc-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-devel-2.17-317.el7.i686.rpm glibc-devel-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm glibc-utils-2.17-317.el7.x86_64.rpm nscd-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-static-2.17-317.el7.i686.rpm glibc-static-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-317.el7.src.rpm ppc64: glibc-2.17-317.el7.ppc.rpm glibc-2.17-317.el7.ppc64.rpm glibc-common-2.17-317.el7.ppc64.rpm glibc-debuginfo-2.17-317.el7.ppc.rpm glibc-debuginfo-2.17-317.el7.ppc64.rpm glibc-debuginfo-common-2.17-317.el7.ppc.rpm glibc-debuginfo-common-2.17-317.el7.ppc64.rpm glibc-devel-2.17-317.el7.ppc.rpm glibc-devel-2.17-317.el7.ppc64.rpm glibc-headers-2.17-317.el7.ppc64.rpm glibc-utils-2.17-317.el7.ppc64.rpm nscd-2.17-317.el7.ppc64.rpm ppc64le: glibc-2.17-317.el7.ppc64le.rpm glibc-common-2.17-317.el7.ppc64le.rpm glibc-debuginfo-2.17-317.el7.ppc64le.rpm glibc-debuginfo-common-2.17-317.el7.ppc64le.rpm glibc-devel-2.17-317.el7.ppc64le.rpm glibc-headers-2.17-317.el7.ppc64le.rpm glibc-utils-2.17-317.el7.ppc64le.rpm nscd-2.17-317.el7.ppc64le.rpm s390x: glibc-2.17-317.el7.s390.rpm glibc-2.17-317.el7.s390x.rpm glibc-common-2.17-317.el7.s390x.rpm glibc-debuginfo-2.17-317.el7.s390.rpm glibc-debuginfo-2.17-317.el7.s390x.rpm glibc-debuginfo-common-2.17-317.el7.s390.rpm glibc-debuginfo-common-2.17-317.el7.s390x.rpm glibc-devel-2.17-317.el7.s390.rpm glibc-devel-2.17-317.el7.s390x.rpm glibc-headers-2.17-317.el7.s390x.rpm glibc-utils-2.17-317.el7.s390x.rpm nscd-2.17-317.el7.s390x.rpm x86_64: glibc-2.17-317.el7.i686.rpm glibc-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-devel-2.17-317.el7.i686.rpm glibc-devel-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm glibc-utils-2.17-317.el7.x86_64.rpm nscd-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-317.el7.ppc.rpm glibc-debuginfo-2.17-317.el7.ppc64.rpm glibc-debuginfo-common-2.17-317.el7.ppc.rpm glibc-debuginfo-common-2.17-317.el7.ppc64.rpm glibc-static-2.17-317.el7.ppc.rpm glibc-static-2.17-317.el7.ppc64.rpm ppc64le: glibc-debuginfo-2.17-317.el7.ppc64le.rpm glibc-debuginfo-common-2.17-317.el7.ppc64le.rpm glibc-static-2.17-317.el7.ppc64le.rpm s390x: glibc-debuginfo-2.17-317.el7.s390.rpm glibc-debuginfo-2.17-317.el7.s390x.rpm glibc-debuginfo-common-2.17-317.el7.s390.rpm glibc-debuginfo-common-2.17-317.el7.s390x.rpm glibc-static-2.17-317.el7.s390.rpm glibc-static-2.17-317.el7.s390x.rpm x86_64: glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-static-2.17-317.el7.i686.rpm glibc-static-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-317.el7.src.rpm x86_64: glibc-2.17-317.el7.i686.rpm glibc-2.17-317.el7.x86_64.rpm glibc-common-2.17-317.el7.x86_64.rpm glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-devel-2.17-317.el7.i686.rpm glibc-devel-2.17-317.el7.x86_64.rpm glibc-headers-2.17-317.el7.x86_64.rpm glibc-utils-2.17-317.el7.x86_64.rpm nscd-2.17-317.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-317.el7.i686.rpm glibc-debuginfo-2.17-317.el7.x86_64.rpm glibc-debuginfo-common-2.17-317.el7.i686.rpm glibc-debuginfo-common-2.17-317.el7.x86_64.rpm glibc-static-2.17-317.el7.i686.rpm glibc-static-2.17-317.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19126 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OehNzjgjWX9erEAQjgdQ//U5s3yYbo0XV4w+zGBY/hHsIpGgynbKV6 eTkperWbnDJHdK5pgSOJmEhhhTeXqcwagYazowLwx1W0kHsJKZkZ/g9E6z05kQH2 GTZSnkbaokmbN1Ex8dIsKPv65RZgelt7g6PGf2LuIUfmtBqamryojI2ucIPiv8dM YO6XpEA/dUvAezsGOtXDWVQcLkdUPLf3bbIwIZSCoMNJpHyNF9G+dj0ctr+Qz2GF zpgFtxWIw6csJ6RF/jyhNfsP5Sl2WuR6noMinerIZ0zbxn2spnYpnR/7B/Kju6VB x6UIV19Afteh3Q+gLaapmL7aEO+BX8Y9qZuGZ0HEOFIzuFPL8/EpDFGdyBlh97Hi j8lBpfr62Urwnmsi8Ez6DVAtmAdv9xvvEtSsLlqDVdHeUcQDflx1p7sE7rDQFK7c BAVCD9ZrY+1TgJG9sMJnCpah86JqkdpV9k0KNHMmg6uqHM7vhd2Exi59gPmGgZ11 gDJc1K2u6et3BAlnnzhwMx2lyawxYKy/2JP6d9DQD4VdWMdi3zD/ArNpfFoAboun d0Qku//NiqYk6odbYsu1DiJ0zzbHYrNDd/OzgQU0HS2AcDz252uRtfk2eltJ0CL5 u2FYfmSqC338Cpe7kXmgygk4mQR/y6GLxkv58EcL0rJquarzNaysHV5/Lhm3s83A VVeM0iNNMXM=9Gut -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce