Oracle Errata System Oracle Linux 5.11 2024-09-21T18:50:29 Oracle Linux 7 [2.17-222] - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119) [2.17-221] - CVE-2018-1000001: Fix realpath() buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418) [2.17-220] - Update HWCAP bits for IBM POWER9 DD2.1 (#1503854) [2.17-219] - Rebuild with newer gcc for aarch64 stack probing fixes (#1500475) [2.17-218] - Improve memcpy performance for POWER9 DD2.1 (#1498925) [2.17-217] - Update Linux system call list to kernel 4.13 (#1508895) [2.17-216] - x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969) [2.17-215] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809) [2.17-214] - Fix check-localplt test failure. - Include ld.so in check-localplt test. (#1440250) [2.17-213] - Fix build warning in locarchive.c (#1349964) [2.17-212] - Hide reference to mktemp in libpthread (#1349962) [2.17-211] - Implement fopencookie hardening (#1372305) [2.17-210] - x86-64: Support __tls_get_addr with an unaligned stack (#1468807) [2.17-209] - Define CLOCK_TAI in <time.h> (#1448822) [2.17-208] - Compile glibc with -fstack-clash-protection (#1500475) [2.17-207] - aarch64: Avoid invalid relocations in the startup code (#1500908) [2.17-206] - Fix timezone test failures on large parallel builds. (#1234449, #1378329) [2.17-205] - Handle DSOs with no PLT (#1445781) [2.17-204] - libio: Implement vtable verification (#1398413) [2.17-203] - Fix socket system call selection on s390x (#1498566). - Use different construct for protected visibility in IFUNC tests (#1445644) [2.17-202] - Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version - Support an arbitrary number of search domains in the stub resolver (#677316) - Detect and apply /etc/resolv.conf changes in libresolv (#1432085) - CVE-2017-1213: Fragmentation attacks possible when ENDS0 is enabled (#1487063) - CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called with AF_INET, AF_INET6 (#1329674) - CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131) - CVE-2014-9402: denial of service in getnetbyname function (#1497132) - Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034) - Make RES_ROTATE start with a random name server (#1257639) - Stricter IPv6 address parser (#1484034) - Remove noip6dotint support from the stub resolver (#1482988) - Remove partial bitstring label support from the stub resolver - Remove unsupported resolver hook functions from the API - Remove outdated RR type classification macros from the API - hesiod: Always use TLS resolver state - hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records [2.17.201] - Fix hang in nscd cache prune thread (#1435615) [2.17-200] - Add binary timezone test data files (#1234449, #1378329) [2.17.198] - Add support for new IBM z14 (s390x) instructions (#1375235) [2.17-197] - Fix compile warnings in malloc (#1347277) - Fix occasional tst-malloc-usable failures (#1348000) - Additional chunk hardening in malloc (#1447556) - Pointer alignment fix in nss group merge (#1463692) - Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236) IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::userspace_ksplice