Advisories » MGASA-2018-0159

Updated glibc packages fix security vulnerability

Publication date: 06 Mar 2018
Modification date: 06 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6485 , CVE-2018-6551

Description

An integer overflow in the implementation of the posix_memalign in memalign
functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could
cause these functions to return a pointer to a heap area that is too small,
potentially leading to heap corruption (CVE-2018-6485, CVE-2018-6551).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22614
• https://lists.opensuse.org/opensuse-updates/2018-02/msg00078.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551

SRPMS

6/core

• glibc-2.22-28.mga6