FEDORA-2017-2c63df4fe3 — security update for glibc

stable

glibc-2.25-12.fc26

FEDORA-2017-2c63df4fe3 created by fweimer 7 years ago for Fedora 26

This update addresses various minor issues in the glibc package:

The DNS stub resolver now picks up changes to /etc/resolv.conf automatically (#1374239).
The DNS stub resolver supports an unlimited number of search domains (#168253).
CVE-2015-5180, a segmentation fault potentially affecting applications which use the DNS stub resolver in an unusual way, has been fixed (#1251403).
/var/db/Makefile is now shipped in the nss_db package (#1498900).
The IBM858 character set is now supported (#1416405).
The compat NSS service module is again part of the main glibc package (#1400538).
A pointer alignment/endianess issue was fixed in the NSS group merging implementation (#1471985).

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-2c63df4fe3

This update has been submitted for testing by fweimer.

7 years ago

This update has been pushed to testing.

7 years ago

cserpentis commented & provided feedback 7 years ago

karma

works for me

fweimer edited this update.

New build(s):

glibc-2.25-12.fc26

Removed build(s):

glibc-2.25-11.fc26

Karma has been reset.

7 years ago

This update has been submitted for testing by fweimer.

7 years ago

This update has been pushed to testing.

7 years ago

bojan commented & provided feedback 7 years ago

karma

Everything still seems to work.

nucleo commented & provided feedback 7 years ago

karma

Error:

Problem 1: package libcrypt-2.25-10.fc26.i686 requires glibc(x86-32) = 2.25-10.fc26, but none of the providers can be installed

cannot install both glibc-2.25-12.fc26.i686 and glibc-2.25-10.fc26.i686
cannot install both glibc-2.25-10.fc26.i686 and glibc-2.25-12.fc26.i686
cannot install the best update candidate for package libcrypt-2.25-10.fc26.i686
cannot install the best update candidate for package glibc-2.25-10.fc26.i686

Problem 2: package pam-1.3.0-2.fc26.i686 requires libcrypt.so.1, but none of the providers can be installed

libcrypt-2.25-10.fc26.i686 has inferior architecture
libcrypt-2.25-6.fc26.i686 has inferior architecture
cannot install both libcrypt-2.25-12.fc26.x86_64 and libcrypt-2.25-10.fc26.x86_64
package libcrypt-nss-2.25-12.fc26.i686 conflicts with libcrypt provided by libcrypt-2.25-12.fc26.x86_64
cannot install both libcrypt-2.25-10.fc26.x86_64 and libcrypt-2.25-12.fc26.x86_64
package libcrypt-nss-2.25-10.fc26.i686 conflicts with libcrypt provided by libcrypt-2.25-12.fc26.x86_64
cannot install both libcrypt-2.25-6.fc26.x86_64 and libcrypt-2.25-12.fc26.x86_64
package libcrypt-nss-2.25-6.fc26.i686 conflicts with libcrypt provided by libcrypt-2.25-12.fc26.x86_64
cannot install the best update candidate for package pam-1.3.0-2.fc26.i686
cannot install the best update candidate for package libcrypt-2.25-10.fc26.x86_64

Problem 3: package cups-libs-1:2.2.2-7.fc26.i686 requires libcrypt.so.1, but none of the providers can be installed

package libcrypt-nss-2.25-12.fc26.i686 conflicts with libcrypt provided by libcrypt-2.25-12.fc26.x86_64
package libcrypt-2.25-10.fc26.i686 requires glibc(x86-32) = 2.25-10.fc26, but none of the providers can be installed
problem with installed package libcrypt-2.25-10.fc26.x86_64
libcrypt-nss-2.25-10.fc26.i686 has inferior architecture
package libcrypt-2.25-6.fc26.i686 requires glibc(x86-32) = 2.25-6.fc26, but none of the providers can be installed
libcrypt-nss-2.25-6.fc26.i686 has inferior architecture
glibc-2.25-10.fc26.i686 has inferior architecture
package libcrypt-2.25-10.fc26.x86_64 requires glibc(x86-64) = 2.25-10.fc26, but none of the providers can be installed
package libcrypt-nss-2.25-10.fc26.x86_64 requires glibc(x86-64) = 2.25-10.fc26, but none of the providers can be installed
glibc-2.25-6.fc26.i686 has inferior architecture
package libcrypt-nss-2.25-6.fc26.x86_64 requires glibc(x86-64) = 2.25-6.fc26, but none of the providers can be installed
cannot install both glibc-2.25-12.fc26.x86_64 and glibc-2.25-10.fc26.x86_64
cannot install both glibc-2.25-10.fc26.x86_64 and glibc-2.25-12.fc26.x86_64
cannot install both glibc-2.25-6.fc26.x86_64 and glibc-2.25-12.fc26.x86_64
cannot install the best update candidate for package glibc-2.25-10.fc26.x86_64
cannot install the best update candidate for package cups-libs-1:2.2.2-7.fc26.i686

Problem 4: problem with installed package libcrypt-2.25-10.fc26.i686

package libcrypt-2.25-10.fc26.i686 requires glibc(x86-32) = 2.25-10.fc26, but none of the providers can be installed
package glibc-2.25-10.fc26.i686 requires glibc-common = 2.25-10.fc26, but none of the providers can be installed
cannot install both glibc-common-2.25-12.fc26.x86_64 and glibc-common-2.25-10.fc26.x86_64
cannot install both glibc-common-2.25-10.fc26.x86_64 and glibc-common-2.25-12.fc26.x86_64
cannot install the best update candidate for package glibc-common-2.25-10.fc26.x86_64

(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 years ago

pwalter commented & provided feedback 7 years ago

karma

Works

hwti commented & provided feedback 7 years ago

It seems the x86_64 fedora-update-testing doesn't have libcrypt-nss-2.26-14.fc27.i686, unlike the x86_64 fedora repo which has libcrypt-nss-2.26-8.fc27.i686. However, it has both libcrypt-2.26-14.fc27, so the update worked for we with --allowerasing (it removed both libcrypt-nss and switched to libcrypt).

hwti commented & provided feedback 7 years ago

Sorry, wrong update. f26 doesn't seem to have the issue, but @nucleo's comment suggested an issue similar to f27.

nucleo commented & provided feedback 7 years ago

karma

This time update installed without this issue.

This update has been submitted for batched by fweimer.

7 years ago

trobotham commented & provided feedback 7 years ago

karma

Works

BZ#1471985 glibc: Incorrect pointer alignment in NSS group merge result construction

BZ#1498900 glibc: /var/db/Makefile should be shipped in nss_db, not nss_hesiod

BZ#1400538 glibc: nss_compat should be shipped in the glibc package

BZ#1416405 glibc: add ibm-858 to list of charsets for iconv

BZ#1251403 CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type [fedora-all]

BZ#1374239 glibc: Detect and apply /etc/resolv.conf changes in libresolv

BZ#168253 glibc: support an arbitrary number of search domains in the stub resolver

This update has been submitted for stable by bodhi.

7 years ago

This update has been pushed to stable.

7 years ago

anonymous commented & provided feedback 7 years ago

Has the fix for "The DNS stub resolver now picks up changes to /etc/resolv.conf automatically (#1374239)." made it into RHEL 6 and 7?

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

7 years ago

modified

7 years ago

Builds

glibc-2.25-12.fc26

BZ#168253 glibc: support an arbitrary number of search domains in the stub resolver

BZ#1251403 CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type [fedora-all]

BZ#1374239 glibc: Detect and apply /etc/resolv.conf changes in libresolv

BZ#1400538 glibc: nss_compat should be shipped in the glibc package

BZ#1416405 glibc: add ibm-858 to list of charsets for iconv

BZ#1471985 glibc: Incorrect pointer alignment in NSS group merge result construction

BZ#1498900 glibc: /var/db/Makefile should be shipped in nss_db, not nss_hesiod

glibc-2.25-12.fc26

Automated Test Results

None