Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0089-1 Final 1 1 2018-01-15T09:54:03Z current 2018-01-15T09:54:03Z 2018-01-15T09:54:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html E-Mail link for openSUSE-SU-2018:0089-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 glibc-2.22-10.1 glibc-32bit-2.22-10.1 glibc-devel-2.22-10.1 glibc-devel-32bit-2.22-10.1 glibc-devel-static-2.22-10.1 glibc-devel-static-32bit-2.22-10.1 glibc-extra-2.22-10.1 glibc-html-2.22-10.1 glibc-i18ndata-2.22-10.1 glibc-info-2.22-10.1 glibc-locale-2.22-10.1 glibc-locale-32bit-2.22-10.1 glibc-obsolete-2.22-10.1 glibc-profile-2.22-10.1 glibc-profile-32bit-2.22-10.1 glibc-testsuite-2.22-10.1 glibc-utils-2.22-10.1 glibc-utils-32bit-2.22-10.1 nscd-2.22-10.1 glibc-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-devel-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-devel-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-devel-static-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-devel-static-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-extra-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-html-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-i18ndata-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-info-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-locale-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-locale-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-obsolete-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-profile-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-profile-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-testsuite-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-utils-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-utils-32bit-2.22-10.1 as a component of openSUSE Leap 42.2 nscd-2.22-10.1 as a component of openSUSE Leap 42.2 glibc-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-devel-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-devel-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-devel-static-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-devel-static-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-extra-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-html-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-i18ndata-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-info-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-locale-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-locale-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-obsolete-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-profile-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-profile-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-testsuite-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-utils-2.22-10.1 as a component of openSUSE Leap 42.3 glibc-utils-32bit-2.22-10.1 as a component of openSUSE Leap 42.3 nscd-2.22-10.1 as a component of openSUSE Leap 42.3 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-1000408 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-1000408.html CVE-2017-1000408 https://bugzilla.suse.com/1039357 SUSE Bug 1039357 https://bugzilla.suse.com/1071319 SUSE Bug 1071319 A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVE-2017-1000409 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-1000409.html CVE-2017-1000409 https://bugzilla.suse.com/1071319 SUSE Bug 1071319 The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. CVE-2017-15670 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 moderate 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-15670.html CVE-2017-15670 https://bugzilla.suse.com/1064583 SUSE Bug 1064583 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). CVE-2017-15671 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-15671.html CVE-2017-15671 https://bugzilla.suse.com/1064569 SUSE Bug 1064569 https://bugzilla.suse.com/1135444 SUSE Bug 1135444 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. CVE-2017-15804 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-15804.html CVE-2017-15804 https://bugzilla.suse.com/1064580 SUSE Bug 1064580 elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. CVE-2017-16997 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2017-16997.html CVE-2017-16997 https://bugzilla.suse.com/1073231 SUSE Bug 1073231 In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. CVE-2018-1000001 openSUSE Leap 42.2:glibc-2.22-10.1 openSUSE Leap 42.2:glibc-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-2.22-10.1 openSUSE Leap 42.2:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-2.22-10.1 openSUSE Leap 42.2:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-extra-2.22-10.1 openSUSE Leap 42.2:glibc-html-2.22-10.1 openSUSE Leap 42.2:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.2:glibc-info-2.22-10.1 openSUSE Leap 42.2:glibc-locale-2.22-10.1 openSUSE Leap 42.2:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-obsolete-2.22-10.1 openSUSE Leap 42.2:glibc-profile-2.22-10.1 openSUSE Leap 42.2:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.2:glibc-testsuite-2.22-10.1 openSUSE Leap 42.2:glibc-utils-2.22-10.1 openSUSE Leap 42.2:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.2:nscd-2.22-10.1 openSUSE Leap 42.3:glibc-2.22-10.1 openSUSE Leap 42.3:glibc-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-2.22-10.1 openSUSE Leap 42.3:glibc-devel-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-2.22-10.1 openSUSE Leap 42.3:glibc-devel-static-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-extra-2.22-10.1 openSUSE Leap 42.3:glibc-html-2.22-10.1 openSUSE Leap 42.3:glibc-i18ndata-2.22-10.1 openSUSE Leap 42.3:glibc-info-2.22-10.1 openSUSE Leap 42.3:glibc-locale-2.22-10.1 openSUSE Leap 42.3:glibc-locale-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-obsolete-2.22-10.1 openSUSE Leap 42.3:glibc-profile-2.22-10.1 openSUSE Leap 42.3:glibc-profile-32bit-2.22-10.1 openSUSE Leap 42.3:glibc-testsuite-2.22-10.1 openSUSE Leap 42.3:glibc-utils-2.22-10.1 openSUSE Leap 42.3:glibc-utils-32bit-2.22-10.1 openSUSE Leap 42.3:nscd-2.22-10.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00040.html https://www.suse.com/security/cve/CVE-2018-1000001.html CVE-2018-1000001 https://bugzilla.suse.com/1074293 SUSE Bug 1074293 https://bugzilla.suse.com/1099047 SUSE Bug 1099047