Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1560-1 Final 1 1 2021-12-10T11:06:35Z current 2021-12-10T11:06:35Z 2021-12-10T11:06:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1560 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4LDTHO3OJZ2XD7I3ONIRIUSKEMP42OY2/ E-Mail link for openSUSE-SU-2021:1560-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027496 SUSE Bug 1027496 https://bugzilla.suse.com/1183085 SUSE Bug 1183085 https://www.suse.com/security/cve/CVE-2016-10228/ SUSE CVE CVE-2016-10228 page openSUSE Leap 15.2 glibc-2.26-lp152.26.12.1 glibc-32bit-2.26-lp152.26.12.1 glibc-devel-2.26-lp152.26.12.1 glibc-devel-32bit-2.26-lp152.26.12.1 glibc-devel-static-2.26-lp152.26.12.1 glibc-devel-static-32bit-2.26-lp152.26.12.1 glibc-extra-2.26-lp152.26.12.1 glibc-html-2.26-lp152.26.12.1 glibc-i18ndata-2.26-lp152.26.12.1 glibc-info-2.26-lp152.26.12.1 glibc-locale-2.26-lp152.26.12.1 glibc-locale-base-2.26-lp152.26.12.1 glibc-locale-base-32bit-2.26-lp152.26.12.1 glibc-profile-2.26-lp152.26.12.1 glibc-profile-32bit-2.26-lp152.26.12.1 glibc-utils-2.26-lp152.26.12.1 glibc-utils-32bit-2.26-lp152.26.12.1 nscd-2.26-lp152.26.12.1 glibc-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-devel-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-devel-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-devel-static-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-devel-static-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-extra-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-html-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-i18ndata-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-info-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-locale-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-locale-base-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-locale-base-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-profile-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-profile-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-utils-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 glibc-utils-32bit-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 nscd-2.26-lp152.26.12.1 as a component of openSUSE Leap 15.2 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. CVE-2016-10228 openSUSE Leap 15.2:glibc-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-devel-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-devel-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-devel-static-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-devel-static-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-extra-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-html-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-i18ndata-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-info-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-locale-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-locale-base-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-locale-base-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-profile-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-profile-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-utils-2.26-lp152.26.12.1 openSUSE Leap 15.2:glibc-utils-32bit-2.26-lp152.26.12.1 openSUSE Leap 15.2:nscd-2.26-lp152.26.12.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4LDTHO3OJZ2XD7I3ONIRIUSKEMP42OY2/ https://www.suse.com/security/cve/CVE-2016-10228.html CVE-2016-10228 https://bugzilla.suse.com/1027496 SUSE Bug 1027496 https://bugzilla.suse.com/1123874 SUSE Bug 1123874