MGASA-2018-0293

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2017-18269 CVE-2018-11236

Published: 24 Jun 2018, 22:02

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Jun 2018, 22:02

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated glibc packages fix security vulnerabilities Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution (CVE-2017-18269). stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution (CVE-2018-11236).

Affected Systems

mageia•glibc
< 2.22-29.mga6

MGASA-2018-0293

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)