ELSA-2018-0805

ULN >
Oracle Linux Errata repository >
ELSA-2018-0805

ELSA-2018-0805 - glibc security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2018-04-16

Description

[2.17-222]
- Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119)

[2.17-221]
- CVE-2018-1000001: Fix realpath() buffer underflow (#1534635)
- i386: Fix unwinding for 32-bit C++ application (#1529982)
- Reduce thread and dynamic loader stack usage (#1527904)
- x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418)

[2.17-220]
- Update HWCAP bits for IBM POWER9 DD2.1 (#1503854)

[2.17-219]
- Rebuild with newer gcc for aarch64 stack probing fixes (#1500475)

[2.17-218]
- Improve memcpy performance for POWER9 DD2.1 (#1498925)

[2.17-217]
- Update Linux system call list to kernel 4.13 (#1508895)

[2.17-216]
- x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969)

[2.17-215]
- CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809)
- CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809)

[2.17-214]
- Fix check-localplt test failure.
- Include ld.so in check-localplt test. (#1440250)

[2.17-213]
- Fix build warning in locarchive.c (#1349964)

[2.17-212]
- Hide reference to mktemp in libpthread (#1349962)

[2.17-211]
- Implement fopencookie hardening (#1372305)

[2.17-210]
- x86-64: Support __tls_get_addr with an unaligned stack (#1468807)

[2.17-209]
- Define CLOCK_TAI in (#1448822)

[2.17-208]
- Compile glibc with -fstack-clash-protection (#1500475)

[2.17-207]
- aarch64: Avoid invalid relocations in the startup code (#1500908)

[2.17-206]
- Fix timezone test failures on large parallel builds. (#1234449, #1378329)

[2.17-205]
- Handle DSOs with no PLT (#1445781)

[2.17-204]
- libio: Implement vtable verification (#1398413)

[2.17-203]
- Fix socket system call selection on s390x (#1498566).
- Use different construct for protected visibility in IFUNC tests (#1445644)

[2.17-202]
- Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version
- Support an arbitrary number of search domains in the stub resolver (#677316)
- Detect and apply /etc/resolv.conf changes in libresolv (#1432085)
- CVE-2017-1213: Fragmentation attacks possible when ENDS0 is enabled
(#1487063)
- CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called
with AF_INET, AF_INET6 (#1329674)
- CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131)
- CVE-2014-9402: denial of service in getnetbyname function (#1497132)
- Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034)
- Make RES_ROTATE start with a random name server (#1257639)
- Stricter IPv6 address parser (#1484034)
- Remove noip6dotint support from the stub resolver (#1482988)
- Remove partial bitstring label support from the stub resolver
- Remove unsupported resolver hook functions from the API
- Remove outdated RR type classification macros from the API
- hesiod: Always use TLS resolver state
- hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records

[2.17.201]
- Fix hang in nscd cache prune thread (#1435615)

[2.17-200]
- Add binary timezone test data files (#1234449, #1378329)

[2.17.198]
- Add support for new IBM z14 (s390x) instructions (#1375235)

[2.17-197]
- Fix compile warnings in malloc (#1347277)
- Fix occasional tst-malloc-usable failures (#1348000)
- Additional chunk hardening in malloc (#1447556)
- Pointer alignment fix in nss group merge (#1463692)
- Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	glibc-2.17-222.el7.src.rpm	e8686c208b301113406a29742dc873c980286337123521ecc58dfaa055228b4f	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-222.el7.src.rpm	e8686c208b301113406a29742dc873c980286337123521ecc58dfaa055228b4f	ELSA-2024-12444	ol7_x86_64_optional_archive
	glibc-2.17-222.el7.src.rpm	e8686c208b301113406a29742dc873c980286337123521ecc58dfaa055228b4f	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-2.17-222.el7.src.rpm	e8686c208b301113406a29742dc873c980286337123521ecc58dfaa055228b4f	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-2.17-222.el7.i686.rpm	dcb4848ba1e62cdd9c406b0d5a8a4e9edc081c038f22dd57e482b3525bfea67d	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-222.el7.i686.rpm	dcb4848ba1e62cdd9c406b0d5a8a4e9edc081c038f22dd57e482b3525bfea67d	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-2.17-222.el7.x86_64.rpm	8c08500021b05c25717c54328800545e38073ddb446531515bf57774adb47773	ELSA-2024-12444	exadata_dbserver_19.1.0.0.0_x86_64_base
	glibc-2.17-222.el7.x86_64.rpm	8c08500021b05c25717c54328800545e38073ddb446531515bf57774adb47773	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-222.el7.x86_64.rpm	8c08500021b05c25717c54328800545e38073ddb446531515bf57774adb47773	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-common-2.17-222.el7.x86_64.rpm	14af752b6078c833a9e6dfa90a7479e78fcc35b222627bb3ac22b4c79f347df0	ELSA-2024-12444	exadata_dbserver_19.1.0.0.0_x86_64_base
	glibc-common-2.17-222.el7.x86_64.rpm	14af752b6078c833a9e6dfa90a7479e78fcc35b222627bb3ac22b4c79f347df0	ELSA-2024-12444	ol7_x86_64_latest
	glibc-common-2.17-222.el7.x86_64.rpm	14af752b6078c833a9e6dfa90a7479e78fcc35b222627bb3ac22b4c79f347df0	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-devel-2.17-222.el7.i686.rpm	a1535e0d4eb2e7c67a225942ff9744f70c16a41ca8f4ed02233dbc5d2550c7a4	ELSA-2024-12444	ol7_x86_64_latest
	glibc-devel-2.17-222.el7.i686.rpm	a1535e0d4eb2e7c67a225942ff9744f70c16a41ca8f4ed02233dbc5d2550c7a4	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-devel-2.17-222.el7.x86_64.rpm	be491d709fb897838a6a78908faeb99a0eb3d8568705e0c86a4ac488e426022f	ELSA-2024-12444	exadata_dbserver_19.1.0.0.0_x86_64_base
	glibc-devel-2.17-222.el7.x86_64.rpm	be491d709fb897838a6a78908faeb99a0eb3d8568705e0c86a4ac488e426022f	ELSA-2024-12444	ol7_x86_64_latest
	glibc-devel-2.17-222.el7.x86_64.rpm	be491d709fb897838a6a78908faeb99a0eb3d8568705e0c86a4ac488e426022f	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-headers-2.17-222.el7.x86_64.rpm	c5447f5c7e8e694aede34c0dce926567ecfe6006deda60609d808c4fd3f1fa35	ELSA-2024-12444	exadata_dbserver_19.1.0.0.0_x86_64_base
	glibc-headers-2.17-222.el7.x86_64.rpm	c5447f5c7e8e694aede34c0dce926567ecfe6006deda60609d808c4fd3f1fa35	ELSA-2024-12444	ol7_x86_64_latest
	glibc-headers-2.17-222.el7.x86_64.rpm	c5447f5c7e8e694aede34c0dce926567ecfe6006deda60609d808c4fd3f1fa35	ELSA-2024-12444	ol7_x86_64_u5_base
	glibc-static-2.17-222.el7.i686.rpm	4491d69e68210acdb4e58d785ff0d3967add62e2bc8669e0ac54a1dedd156cfe	ELSA-2024-12444	ol7_x86_64_optional_archive
	glibc-static-2.17-222.el7.i686.rpm	4491d69e68210acdb4e58d785ff0d3967add62e2bc8669e0ac54a1dedd156cfe	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-static-2.17-222.el7.x86_64.rpm	0c54429ee601f978dfe4d2556d99c2503127da5f8ed47b348b25dbb3eacf1a7d	ELSA-2024-12444	ol7_x86_64_optional_archive
	glibc-static-2.17-222.el7.x86_64.rpm	0c54429ee601f978dfe4d2556d99c2503127da5f8ed47b348b25dbb3eacf1a7d	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-utils-2.17-222.el7.x86_64.rpm	53f8e9912d10cf0ee418367d25304fa4c29963d16a7d5033bf26dcecd8c6491f	ELSA-2024-12444	ol7_x86_64_latest
	glibc-utils-2.17-222.el7.x86_64.rpm	53f8e9912d10cf0ee418367d25304fa4c29963d16a7d5033bf26dcecd8c6491f	ELSA-2024-12444	ol7_x86_64_u5_base
	nscd-2.17-222.el7.x86_64.rpm	4a1f2d6bd158c28ba2127732e3a57667ed428ca67a7d07625ca00c77c61ea2c1	ELSA-2024-12444	exadata_dbserver_19.1.0.0.0_x86_64_base
	nscd-2.17-222.el7.x86_64.rpm	4a1f2d6bd158c28ba2127732e3a57667ed428ca67a7d07625ca00c77c61ea2c1	ELSA-2024-12444	ol7_x86_64_latest
	nscd-2.17-222.el7.x86_64.rpm	4a1f2d6bd158c28ba2127732e3a57667ed428ca67a7d07625ca00c77c61ea2c1	ELSA-2024-12444	ol7_x86_64_u5_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691