Advisories » MGASA-2018-0096

Updated glibc packages fix security vulnerabilities

Publication date: 25 Jan 2018
Modification date: 25 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-16997 , CVE-2018-1000001

Description

Updated glibc packages fix security vulnerabilities:

An issue in the code handling RPATHs was fixed that could have been
exploited by an attacker to execute code loaded from arbitrary
libraries (CVE-2017-16997).

A privilege escalation bug in the realpath() function when the getcwd()
system call doesn't return a valid absolute pathname (CVE-2018-1000001).

Also, support for the C.UTF-8 locale has been added in the locales
package.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22375
• https://lists.opensuse.org/opensuse-updates/2018-01/msg00033.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001

SRPMS

6/core

• glibc-2.22-27.mga6
• locales-2.22-7.mga6