SUSE-SU-2018:0451-1

Description

Security update for glibc This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non security bugs fixed: - Release read lock after resetting timeout (bsc#1073990)

Affected Systems

• suse•glibc&distro=SUSE Linux Enterprise Desktop 12 SP2

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Desktop 12 SP3

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Server 12 SP2

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Server 12 SP3

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

  < 2.22-62.6.2

• suse•glibc&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

  < 2.22-62.6.2

References (11)

• https://www.suse.com/support/update/announcement/2018/suse-su-20180451-1/
• https://bugzilla.suse.com/1037930
• https://bugzilla.suse.com/1051791
• https://bugzilla.suse.com/1073990
• https://bugzilla.suse.com/1074293
• https://bugzilla.suse.com/1079036
• https://www.suse.com/security/cve/CVE-2017-12132
• https://www.suse.com/security/cve/CVE-2017-8804
• https://www.suse.com/security/cve/CVE-2018-1000001
• https://www.suse.com/security/cve/CVE-2018-6485
• https://www.suse.com/security/cve/CVE-2018-6551