ELSA-2018-3092

ELSA-2018-3092 - glibc security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2018-11-05

Description

[2.17-260.0.9]
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi

[2.17-260.0.7]
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty

[2.17-260.0.5]
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi

[2.17-260.0.3]
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu

[2.17-260.0.1]
- Include-linux-falloc.h-in-bits-fcntl-linux.h
- Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE,
FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
- OraBug 28483336

- Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
- sysdeps/unix/sysv/linux/x86/bits/mman.h
- OraBug 28389572

[2.17-260.0.1]
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with
the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569

[2.17-260]
- Update glibc-rh1560641.patch to initialize pad outside
the conditional eliminating an uninitialized byte warning from
valgrind. (#1560641)

[2.17-259]
- Correctly set errno when send() fails on i686 (#1550080)

[2.17-258]
- Fix dynamic string token substitution in DT_RPATH etc. (#1447808, #1540480)
- Additional robust mutex fixes (#1401665)

[2.17-257]
- Improve process-shared robust mutex support (#1401665)

[2.17-256]
- CVE-2017-16997: Correctly handle DT_RPATH (#1540480).
- Correctly process '' element in DT_RPATH or DT_NEEDED (#1447808).

[2.17-255]
- Make transition from legacy nss_db easier (#1408964)

[2.17-254]
- nptl: Avoid expected SIGALRM in most tests (#1372304)

[2.17-253]
- Add support for el_GR@euro locale. Update el_GR, ur_IN and
wal_ET locales. (#1448107)

[2.17-252]
- Do not scale NPTL tests with available number of CPUs (#1526193)

[2.17-251]
- Correctly set errno when send() fails on s390 and s390x (#1550080)

[2.17-250]
- Initialize pad field in sem_open. (#1560641)

[2.17-249]
- getlogin_r: Return early when process has no associated login UID (#1563046)

[2.17-248]
- Return static array, not local array from transliteration function (#1505500)

[2.17-247]
- Re-write multi-statement strftime_l macros using better style (#1505477)

[2.17-246]
- Fix pthread_barrier_init typo (#1505451)

[2.17-245]
- CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow (#1579809)

[2.17-244]
- resolv: Fix crash after memory allocation failure (#1579727)

[2.17-243]
- CVE-2018-11236: Path length overflow in realpath (#1579742)

[2.17-242]
- S390: fix sys/ptrace.h to make it includible again after
asm/ptrace.h (#1457479)

[2.17-241]
- x86: setcontext, makecontext alignment issues (#1531168)

[2.17-240]
- Remove abort() warning in manual (#1577333)

[2.17-239]
- Add Open File Description (OFL) locks. (#1461231)

[2.17-238]
- Properly handle more invalid --install-langs arguments. (#1349982)

[2.17-237]
- Add O_TMPFILE macro (#1471405)
- Update syscall names list to kernel 4.16 (#1563747)
- Include in bits/fcntl-linux.h. (#1476120)
- Fix netgroup cache keys. (#1505647)
- Update ptrace constants. (#1457479)

[2.17-236]
- Fix strfmon_l so that it groups digits (#1307241)

[2.17-235]
- CVE-2018-6485: Integer overflow in posix_memalign in memalign (#1548002)

[2.17-234]
- Adjust spec file for compiler warnings cleanup (#1505492)
- Drop ports add-on
- Do not attempt to disable warnings-as-errors on s390x

[2.17-233]
- Compiler warnings cleanup, phase 7 (#1505492)

[2.17-232]
- Compiler warnings cleanup, phase 6 (#1505492)

[2.17-231]
- Compiler warnings cleanup, phase 5 (#1505492)

[2.17-230]
- Compiler warnings cleanup, phase 4 (#1505492)

[2.17-229]
- Compiler warnings cleanup, phase 3 (#1505492)

[2.17-228]
- Compiler warnings cleanup, phase 2 (#1505492)

[2.17-227]
- Fix downstream-specific compiler warnings (#1505492)

[2.17-226]
- rtkaio: Do not define IN_MODULE (#1349967)

[2.17-225]
- Fix K&R function definitions in libio (#1566623)

[2.17-224]
- Fix type errors in string tests (#1564638)

[2.17-223]
- Make nscd build reproducible for verification (#1505492)

Related CVEs

CVE-2017-16997

CVE-2018-11236

CVE-2018-6485

CVE-2018-11237

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (x86_64)	glibc-2.17-260.0.9.el7.src.rpm	b66b0ffe76b258f94bf72c3d6362167b4ca63193700ef09514c374e4a1c37150	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-260.0.9.el7.src.rpm	b66b0ffe76b258f94bf72c3d6362167b4ca63193700ef09514c374e4a1c37150	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-2.17-260.0.9.el7.src.rpm	b66b0ffe76b258f94bf72c3d6362167b4ca63193700ef09514c374e4a1c37150	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-2.17-260.0.9.el7.i686.rpm	a5ab86c7e028c95a190c17992d2d9af1cab7f086ae4466b95dbb0b87dfdda550	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-260.0.9.el7.i686.rpm	a5ab86c7e028c95a190c17992d2d9af1cab7f086ae4466b95dbb0b87dfdda550	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-2.17-260.0.9.el7.x86_64.rpm	882dfbf2b0430af5c4a5675bf37037875aa7a76dce6bae8112046177c591b68f	ELSA-2024-12444	exadata_dbserver_19.1.1.0.0_x86_64_base
	glibc-2.17-260.0.9.el7.x86_64.rpm	882dfbf2b0430af5c4a5675bf37037875aa7a76dce6bae8112046177c591b68f	ELSA-2024-12444	exadata_dbserver_19.1.2.0.0_x86_64_base
	glibc-2.17-260.0.9.el7.x86_64.rpm	882dfbf2b0430af5c4a5675bf37037875aa7a76dce6bae8112046177c591b68f	ELSA-2024-12444	exadata_dbserver_19.2.0.0.0_x86_64_base
	glibc-2.17-260.0.9.el7.x86_64.rpm	882dfbf2b0430af5c4a5675bf37037875aa7a76dce6bae8112046177c591b68f	ELSA-2024-12444	ol7_x86_64_latest
	glibc-2.17-260.0.9.el7.x86_64.rpm	882dfbf2b0430af5c4a5675bf37037875aa7a76dce6bae8112046177c591b68f	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-common-2.17-260.0.9.el7.x86_64.rpm	9b0a4e9fe3d9048c2401b23162fb456eca2caf4e5cfd838651737704c86fc18a	ELSA-2024-12444	exadata_dbserver_19.1.1.0.0_x86_64_base
	glibc-common-2.17-260.0.9.el7.x86_64.rpm	9b0a4e9fe3d9048c2401b23162fb456eca2caf4e5cfd838651737704c86fc18a	ELSA-2024-12444	exadata_dbserver_19.1.2.0.0_x86_64_base
	glibc-common-2.17-260.0.9.el7.x86_64.rpm	9b0a4e9fe3d9048c2401b23162fb456eca2caf4e5cfd838651737704c86fc18a	ELSA-2024-12444	exadata_dbserver_19.2.0.0.0_x86_64_base
	glibc-common-2.17-260.0.9.el7.x86_64.rpm	9b0a4e9fe3d9048c2401b23162fb456eca2caf4e5cfd838651737704c86fc18a	ELSA-2024-12444	ol7_x86_64_latest
	glibc-common-2.17-260.0.9.el7.x86_64.rpm	9b0a4e9fe3d9048c2401b23162fb456eca2caf4e5cfd838651737704c86fc18a	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-devel-2.17-260.0.9.el7.i686.rpm	da755c94c8a6798dc9af4068d676d8dab5355cc0ae950e439c38240b0152e55b	ELSA-2024-12444	ol7_x86_64_latest
	glibc-devel-2.17-260.0.9.el7.i686.rpm	da755c94c8a6798dc9af4068d676d8dab5355cc0ae950e439c38240b0152e55b	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-devel-2.17-260.0.9.el7.x86_64.rpm	4df8065f9be4440ce97bb91e4695845ffd310e1010442116e3882a6496bbd8c0	ELSA-2024-12444	exadata_dbserver_19.1.1.0.0_x86_64_base
	glibc-devel-2.17-260.0.9.el7.x86_64.rpm	4df8065f9be4440ce97bb91e4695845ffd310e1010442116e3882a6496bbd8c0	ELSA-2024-12444	exadata_dbserver_19.1.2.0.0_x86_64_base
	glibc-devel-2.17-260.0.9.el7.x86_64.rpm	4df8065f9be4440ce97bb91e4695845ffd310e1010442116e3882a6496bbd8c0	ELSA-2024-12444	exadata_dbserver_19.2.0.0.0_x86_64_base
	glibc-devel-2.17-260.0.9.el7.x86_64.rpm	4df8065f9be4440ce97bb91e4695845ffd310e1010442116e3882a6496bbd8c0	ELSA-2024-12444	ol7_x86_64_latest
	glibc-devel-2.17-260.0.9.el7.x86_64.rpm	4df8065f9be4440ce97bb91e4695845ffd310e1010442116e3882a6496bbd8c0	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-headers-2.17-260.0.9.el7.x86_64.rpm	cc3ef3344ace253322f8d23006dd3cc39617de553535c3bbd8f8c1b75774aa10	ELSA-2024-12444	exadata_dbserver_19.1.1.0.0_x86_64_base
	glibc-headers-2.17-260.0.9.el7.x86_64.rpm	cc3ef3344ace253322f8d23006dd3cc39617de553535c3bbd8f8c1b75774aa10	ELSA-2024-12444	exadata_dbserver_19.1.2.0.0_x86_64_base
	glibc-headers-2.17-260.0.9.el7.x86_64.rpm	cc3ef3344ace253322f8d23006dd3cc39617de553535c3bbd8f8c1b75774aa10	ELSA-2024-12444	exadata_dbserver_19.2.0.0.0_x86_64_base
	glibc-headers-2.17-260.0.9.el7.x86_64.rpm	cc3ef3344ace253322f8d23006dd3cc39617de553535c3bbd8f8c1b75774aa10	ELSA-2024-12444	ol7_x86_64_latest
	glibc-headers-2.17-260.0.9.el7.x86_64.rpm	cc3ef3344ace253322f8d23006dd3cc39617de553535c3bbd8f8c1b75774aa10	ELSA-2024-12444	ol7_x86_64_u6_base
	glibc-static-2.17-260.0.9.el7.i686.rpm	2ff8bc163d26ec9c59315e12d13325fc91d2ac3c9aa7eb0951c42eff1a31e42d	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-static-2.17-260.0.9.el7.x86_64.rpm	11f05d1a8417050f1ef8211b56f06fcfbf0b94f1aa248a0760c7f20912195065	ELSA-2024-12444	ol7_x86_64_optional_latest
	glibc-utils-2.17-260.0.9.el7.x86_64.rpm	110ee19e4e5cd04c49094c9ff8ea3e7ff42480522dc8bcfd13402bc4c5d5a053	ELSA-2024-12444	ol7_x86_64_latest
	glibc-utils-2.17-260.0.9.el7.x86_64.rpm	110ee19e4e5cd04c49094c9ff8ea3e7ff42480522dc8bcfd13402bc4c5d5a053	ELSA-2024-12444	ol7_x86_64_u6_base
	nscd-2.17-260.0.9.el7.x86_64.rpm	0bb6b7391df036b3f99d1ec1359c7ceea472045bd1bc66f9b95d190755ffd44d	ELSA-2024-12444	exadata_dbserver_19.1.1.0.0_x86_64_base
	nscd-2.17-260.0.9.el7.x86_64.rpm	0bb6b7391df036b3f99d1ec1359c7ceea472045bd1bc66f9b95d190755ffd44d	ELSA-2024-12444	exadata_dbserver_19.1.2.0.0_x86_64_base
	nscd-2.17-260.0.9.el7.x86_64.rpm	0bb6b7391df036b3f99d1ec1359c7ceea472045bd1bc66f9b95d190755ffd44d	ELSA-2024-12444	exadata_dbserver_19.2.0.0.0_x86_64_base
	nscd-2.17-260.0.9.el7.x86_64.rpm	0bb6b7391df036b3f99d1ec1359c7ceea472045bd1bc66f9b95d190755ffd44d	ELSA-2024-12444	ol7_x86_64_latest
	nscd-2.17-260.0.9.el7.x86_64.rpm	0bb6b7391df036b3f99d1ec1359c7ceea472045bd1bc66f9b95d190755ffd44d	ELSA-2024-12444	ol7_x86_64_u6_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team