Advisories » MGASA-2018-0098

Updated glibc packages fix security vulnerabilities

Publication date: 25 Jan 2018
Modification date: 25 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-16997 , CVE-2018-1000001

Description

An issue in the code handling RPATHs was fixed that could have been
exploited by an attacker to execute code loaded from arbitrary
libraries (CVE-2017-16997).

A privilege escalation bug in the realpath() function when the getcwd()
system call doesn't return a valid absolute pathname (CVE-2018-1000001).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22433
• https://lists.opensuse.org/opensuse-updates/2018-01/msg00033.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16997
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001

SRPMS

5/core

• glibc-2.20-27.mga5