MGASA-2018-0293

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0293.html

Import Source

https://advisories.mageia.org/MGASA-2018-0293.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0293

Related

Published

2018-06-24T22:02:29Z

Modified

2018-06-24T21:17:53Z

Summary

Updated glibc packages fix security vulnerabilities

Details

Updated glibc packages fix security vulnerabilities:

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution (CVE-2017-18269).

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution (CVE-2018-11236).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / glibc

Package

Name: glibc
Purl: pkg:rpm/mageia/glibc?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.22-29.mga6

Ecosystem specific

{
    "section": "core"
}