Updated glibc packages fix security vulnerability
Publication date: 30 Nov 2019Modification date: 30 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19126
Description
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program (CVE-2019-19126). Other upstream fixes in this update: - Call _dl_open_check after relocation [BZ #24259] - support: Export bindir path on support_path - nss_db: fix endent wrt NULL mappings [BZ #24695] [BZ #24696] - elf: Refuse to dlopen PIE objects [BZ #24323] - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP [BZ #23403] - Fix assertion in malloc.c:tcache_get - Small tcache improvements - malloc: Remove unwanted leading whitespace in malloc_info [BZ #24867] - malloc: Fix missing accounting of top chunk in malloc_info [BZ #24026] - Add glibc.malloc.mxfast tunable - malloc: Various cleanups for malloc/tst-mxfast - Base max_fast on alignment, not width, of bins [BZ #24903] - Linux: Use in-tree copy of SO_ constants for !__USE_MISC [BZ #24532]
References
SRPMS
7/core
- glibc-2.29-19.mga7