Bugzilla – Bug 1064569
VUL-1: CVE-2017-15671: glibc: Memory leak in glob with GLOB_TILDE
Last modified: 2021-05-06 16:33:58 UTC
rh#1504806
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1504806
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15671
http://seclists.org/oss-sec/2017/q4/119
http://www.cvedetails.com/cve/CVE-2017-15671/
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f
This is an autogenerated message for OBS integration: This bug (1064569) was mentioned in https://build.opensuse.org/request/show/535961 Factory / glibc
SUSE-SU-2018:0074-1: An update that solves 7 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293
CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Server 12-SP3 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Server 12-SP2 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Desktop 12-SP3 (src): glibc-2.22-62.3.4
SUSE Linux Enterprise Desktop 12-SP2 (src): glibc-2.22-62.3.4
SUSE CaaS Platform ALL (src): glibc-2.22-62.3.4
OpenStack Cloud Magnum Orchestration 7 (src): glibc-2.22-62.3.4
openSUSE-SU-2018:0089-1: An update that solves 7 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293
CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001
Sources used:
openSUSE Leap 42.3 (src): glibc-2.22-10.1, glibc-testsuite-2.22-10.1, glibc-utils-2.22-10.1
openSUSE Leap 42.2 (src): glibc-2.22-4.12.1, glibc-testsuite-2.22-4.12.1, glibc-utils-2.22-4.12.1
SUSE-SU-2018:2185-1: An update that fixes 5 vulnerabilities is now available.
Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src): glibc-2.19-40.16.950
SUSE Linux Enterprise Server 12-SP1-LTSS (src): glibc-2.19-40.16.950
SUSE-SU-2018:2187-1: An update that fixes 6 vulnerabilities is now available.
Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1074293,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-1000001,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): glibc-2.19-22.27.958
Can you also submit for sle15, as there was an update submitted?
See comment#1.
Ah, missed that. Adjusted our tracking to mark it as already fixed in GA.
SUSE-SU-2018:4067-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1064569,1110170,1110174
CVE References: CVE-2017-15671
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): glibc-2.11.3-17.110.24.2
SUSE Linux Enterprise Server 11-SP4 (src): glibc-2.11.3-17.110.24.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src): glibc-2.11.3-17.110.24.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src): glibc-2.11.3-17.110.24.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src): glibc-2.11.3-17.110.24.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src): glibc-2.11.3-17.110.24.2
Resolved.