Bug 1079036 - (CVE-2018-6485) VUL-0: CVE-2018-6485, CVE-2018-6551: glibc: An integer overflow in the implementation of the posix_memalign in memalign functions could cause these functions to return a pointer to a heap area that is too small
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Andreas Schwab
Security Team bot
https://smash.suse.de/issue/199320/
CVSSv3:SUSE:CVE-2018-6485:5.6:(AV:N/A...
Reported: 2018-02-02 10:37 UTC by Karol Babioch
Modified: 2018-02-28 23:37 UTC (History)
Found By: Security Response Team
karol: needinfo? (schwab)


Description Karol Babioch 2018-02-02 10:37:38 UTC
CVE-2018-6485

An integer overflow in the implementation of the posix_memalign in memalign
functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause
these functions to return a pointer to a heap area that is too small,
potentially leading to heap corruption.

All maintained codestreams are affected:

- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11-SP1:Update 
- SUSE:SLE-11-SP3:Update 
- SUSE:SLE-12-SP2:Update 

Upstream fix is already available: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6485
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6485.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878159
http://www.cvedetails.com/cve/CVE-2018-6485/
https://sourceware.org/bugzilla/show_bug.cgi?id=22343
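
A caller-side guard for the overflow class described above, as an added example that is not part of the bug report and is not glibc's code: it shows how a padded size for an aligned allocation wraps around for huge requests, and how checking before the addition rejects them. `PAD_SLACK` and all function names are assumptions chosen for illustration, not glibc's internal values.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign under strict -std= modes */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed per-allocation bookkeeping slack; a stand-in, not glibc's constant. */
#define PAD_SLACK (4 * sizeof(size_t))

/* Model of a worst-case padded request computed the unsafe way:
   for sizes close to SIZE_MAX the unsigned sum wraps to a small value. */
size_t naive_padded_size(size_t alignment, size_t size)
{
    return size + alignment + PAD_SLACK;
}

/* Same computation with the range check done before the addition.
   Returns 0 and stores the total, or ENOMEM if it is not representable. */
int checked_padded_size(size_t alignment, size_t size, size_t *total)
{
    if (alignment > SIZE_MAX - PAD_SLACK ||
        size > SIZE_MAX - PAD_SLACK - alignment)
        return ENOMEM;
    *total = size + alignment + PAD_SLACK;
    return 0;
}

/* Hypothetical wrapper: validate the request, then call posix_memalign. */
int guarded_posix_memalign(void **out, size_t alignment, size_t size)
{
    size_t total;

    *out = NULL;
    /* POSIX requires a power of two that is a multiple of sizeof(void *). */
    if (alignment == 0 || (alignment & (alignment - 1)) != 0 ||
        alignment % sizeof(void *) != 0)
        return EINVAL;
    /* Refuse requests whose padded size would wrap around. */
    if (checked_padded_size(alignment, size, &total) != 0)
        return ENOMEM;
    return posix_memalign(out, alignment, size);
}
```

A wrapper like this only narrows what the application passes to the allocator; the fix for the library itself is the updated glibc package.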
Comment 2 Swamp Workflow Management 2018-02-06 11:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1079036) was mentioned in
https://build.opensuse.org/request/show/573257 Factory / glibc
Comment 6 Swamp Workflow Management 2018-02-15 17:11:50 UTC
SUSE-SU-2018:0451-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1073990,1074293,1079036
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Server 12-SP2 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    glibc-2.22-62.6.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    glibc-2.22-62.6.2
SUSE CaaS Platform ALL (src):    glibc-2.22-62.6.2
OpenStack Cloud Magnum Orchestration 7 (src):    glibc-2.22-62.6.2
Comment 8 Swamp Workflow Management 2018-02-20 17:15:05 UTC
openSUSE-SU-2018:0494-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1073990,1074293,1079036
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
openSUSE Leap 42.3 (src):    glibc-2.22-13.2, glibc-testsuite-2.22-13.2, glibc-utils-2.22-13.2
Comment 9 Swamp Workflow Management 2018-02-28 20:08:23 UTC
SUSE-SU-2018:0565-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1037930,1051791,1074293,1079036,978209
CVE References: CVE-2017-12132,CVE-2017-8804,CVE-2018-1000001,CVE-2018-6485,CVE-2018-6551
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Server 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    glibc-2.11.3-17.110.6.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    glibc-2.11.3-17.110.6.2