SUSE-SU-2020:0832-1
Description
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631).
- CVE-2020-1751: Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- CVE-2020-10029: Fixed a stack buffer overflow during range reduction (bsc#1165784).
- Use 'posix_spawn' on popen, preventing a crash caused by 'subprocess' (bsc#1149332, BZ #22834).
- Fix handling of needles crossing a page, preventing incorrect results from being returned during the cross-page-boundary search (bsc#1157893, BZ #25226).
Affected Systems
- suse glibc, SUSE Linux Enterprise Server 12 SP4: < 2.22-100.21.5
- suse glibc, SUSE Linux Enterprise Server 12 SP5: < 2.22-100.21.5
- suse glibc, SUSE Linux Enterprise Server for SAP Applications 12 SP4: < 2.22-100.21.5
- suse glibc, SUSE Linux Enterprise Server for SAP Applications 12 SP5: < 2.22-100.21.5
- suse glibc, SUSE Linux Enterprise Software Development Kit 12 SP4: < 2.22-100.21.5
- suse glibc, SUSE Linux Enterprise Software Development Kit 12 SP5: < 2.22-100.21.5
References (9)
- https://www.suse.com/support/update/announcement/2020/suse-su-20200832-1/
- https://bugzilla.suse.com/1149332
- https://bugzilla.suse.com/1157893
- https://bugzilla.suse.com/1158996
- https://bugzilla.suse.com/1165784
- https://bugzilla.suse.com/1167631
- https://www.suse.com/security/cve/CVE-2020-10029
- https://www.suse.com/security/cve/CVE-2020-1751
- https://www.suse.com/security/cve/CVE-2020-1752