Updated glibc packages fix security vulnerabilities
Publication date: 25 Jan 2018Modification date: 25 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-16997 , CVE-2018-1000001
Description
Updated glibc packages fix security vulnerabilities: An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries (CVE-2017-16997). A privilege escalation bug in the realpath() function when the getcwd() system call doesn't return a valid absolute pathname (CVE-2018-1000001). Also, support for the C.UTF-8 locale has been added in the locales package.
References
SRPMS
6/core
- glibc-2.22-27.mga6
- locales-2.22-7.mga6