RHSA-2018:0805-01 -- Redhat glibcID: oval:org.secpod.oval:def:502266 | Date: (C)2018-04-13 (M)2024-04-17 |
Class: PATCH | Family: unix |
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: realpath buffer underflow when getcwd returns relative path allows privilege escalation * glibc: Buffer overflow in glob with GLOB_TILDE * glibc: Buffer overflow during unescaping of user names with the ~ operator * glibc: denial of service in getnetbyname function * glibc: DNS resolver NULL pointer dereference with crafted record type * glibc: Fragmentation attacks possible when EDNS0 is enabled For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. Red Hat would like to thank halfdog for reporting CVE-2018-1000001. The CVE-2015-5180 issue was discovered by Florian Weimer . Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
Platform: |
Red Hat Enterprise Linux 7 |