First Last Prev Next    This bug is not in your last search results.
Bug 1064583 - (CVE-2017-15670) VUL-0: CVE-2017-15670: glibc: Buffer overflow in glob with GLOB_TILDE
(CVE-2017-15670)
VUL-0: CVE-2017-15670: glibc: Buffer overflow in glob with GLOB_TILDE
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Andreas Schwab
Security Team bot
https://smash.suse.de/issue/193878/
CVSSv3:SUSE:CVE-2017-15670:7.8:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-23 07:16 UTC by Alexander Bergmann
Modified: 2019-03-05 11:53 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-10-23 07:16:20 UTC 
rh#1504804

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error
leading to a heap-based buffer overflow in the glob function in glob.c, related
to the processing of home directories using the ~ operator followed by a long
string.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1504804
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15670
http://seclists.org/oss-sec/2017/q4/119
http://www.cvedetails.com/cve/CVE-2017-15670/
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f
Comment 1 Bernhard Wiedemann 2017-10-23 12:01:23 UTC 
This is an autogenerated message for OBS integration:
This bug (1064583) was mentioned in
https://build.opensuse.org/request/show/535961 Factory / glibc
Comment 2 Swamp Workflow Management 2018-01-12 14:11:05 UTC 
SUSE-SU-2018:0074-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293
CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Server 12-SP3 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Server 12-SP2 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Desktop 12-SP3 (src):    glibc-2.22-62.3.4
SUSE Linux Enterprise Desktop 12-SP2 (src):    glibc-2.22-62.3.4
SUSE CaaS Platform ALL (src):    glibc-2.22-62.3.4
OpenStack Cloud Magnum Orchestration 7 (src):    glibc-2.22-62.3.4
Comment 3 Swamp Workflow Management 2018-01-15 14:11:41 UTC 
openSUSE-SU-2018:0089-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293
CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001
Sources used:
openSUSE Leap 42.3 (src):    glibc-2.22-10.1, glibc-testsuite-2.22-10.1, glibc-utils-2.22-10.1
openSUSE Leap 42.2 (src):    glibc-2.22-4.12.1, glibc-testsuite-2.22-4.12.1, glibc-utils-2.22-4.12.1
Comment 6 Swamp Workflow Management 2018-08-03 19:17:39 UTC 
SUSE-SU-2018:2185-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    glibc-2.19-40.16.950
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    glibc-2.19-40.16.950
Comment 7 Swamp Workflow Management 2018-08-03 19:19:24 UTC 
SUSE-SU-2018:2187-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1051791,1064569,1064580,1064583,1074293,1094161
CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-1000001,CVE-2018-11236
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    glibc-2.19-22.27.958
Comment 14 Swamp Workflow Management 2018-09-14 06:10:14 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2018-09-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64143
Comment 16 Swamp Workflow Management 2018-09-26 16:26:45 UTC 
SUSE-SU-2018:2883-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1058774,1064580,1064583,941234
CVE References: CVE-2015-5180,CVE-2017-15670,CVE-2017-15804
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Server 11-SP4 (src):    glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glibc-2.11.3-17.110.19.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    glibc-2.11.3-17.110.19.2
Comment 19 Andreas Schwab 2019-03-05 11:53:35 UTC 
Alll updates released.
First Last Prev Next    This bug is not in your last search results.