FEDORA-2018-060302dc83

security update in Fedora 28 for glibc

Status: stable 7 months ago

This update for the glibc package addresses one moderate security vulnerability and several defects.

  • CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. (#1654000)
  • Failure to create the helper thread for getaddrinfo_a/libanl could result in a crash. (#1646381)
  • On certain Haswell-class Intel CPUs, string function feature flags could be set incorrectly, leading to a suboptimal choice of string functions. (#1641980)
  • Parallel building of locales led to nondeterminism in the RPM build process. (#1652228)
  • Various minor bug fixes from the upstream 2.27 release branch were imported as part of this update (swbz#17630, swbz#22753, swbz#23275, swbz#23562, swbz#23579, swbz#23822).
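A regression check for the descriptor leak in the first item, as an added example (not code from glibc or from this update): it calls if_nametoindex() on constructed, nonexistent interface names and compares the number of open descriptors before and after. The sweep over name lengths 1 to 64 is an assumption made here; the advisory does not say which names trigger the leak.

```c
#include <fcntl.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Count the descriptors currently open in this process by probing each slot. */
static int count_open_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;                 /* bound the scan on hosts with huge limits */
    int open_fds = 0;
    for (int fd = 0; fd < max; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            open_fds++;
    return open_fds;
}

/* Call if_nametoindex() once for every name length from 1 to max_len and
   return how many descriptors the calls left open (0 on a fixed library). */
int leaked_fds_after_lookups(size_t max_len)
{
    char name[256];
    if (max_len >= sizeof name)
        max_len = sizeof name - 1;
    int before = count_open_fds();
    for (size_t len = 1; len <= max_len; len++) {
        memset(name, 'x', len);      /* constructed name, not a real interface */
        name[len] = '\0';
        (void)if_nametoindex(name);  /* result ignored; only descriptors matter */
    }
    return count_open_fds() - before;
}

int main(void)
{
    int leaked = leaked_fds_after_lookups(64);
    printf("descriptors leaked: %d\n", leaked);
    return leaked == 0 ? 0 : 1;      /* non-zero exit marks a leaking library */
}
```

A non-zero count means each affected lookup consumes a descriptor, which is how a long-running resolver process eventually reaches its open-file limit.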

How to install

sudo dnf upgrade --advisory=FEDORA-2018-060302dc83

Comments 10

This update has been submitted for testing by fweimer.

This update has been pushed to testing.

works for me

karma: +1

no regressions noted

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

$ root dnf update
Last metadata expiration check: 0:02:25 ago on Tue 04 Dec 2018 01:03:34 PM CST.
Dependencies resolved.

 Problem 1: cannot install both glibc-headers-2.27-35.fc28.x86_64 and glibc-headers-2.27-32.fc28.x86_64
  - glibc-headers-2.27-32.fc28.i686 has inferior architecture
  - cannot install the best update candidate for package glibc-headers-2.27-32.fc28.x86_64
  - problem with installed package glibc-headers-2.27-32.fc28.i686
 Problem 2: package glibc-headers-2.27-32.fc28.i686 requires glibc = 2.27-32.fc28, but none of the providers can be installed
  - cannot install both glibc-2.27-35.fc28.i686 and glibc-2.27-32.fc28.i686
  - cannot install both glibc-2.27-35.fc28.x86_64 and glibc-2.27-32.fc28.x86_64
  - cannot install the best update candidate for package glibc-headers-2.27-32.fc28.i686
  - cannot install the best update candidate for package glibc-2.27-32.fc28.i686
  - cannot install the best update candidate for package glibc-2.27-32.fc28.x86_64
================================================================================
 Package            Arch        Version             Repository        Size
================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 glibc              i686        2.27-35.fc28        updates          3.4 M
 glibc              x86_64      2.27-35.fc28        updates          3.6 M
 glibc-headers      x86_64      2.27-35.fc28        updates          460 k

Transaction Summary

Skip 3 Packages

Nothing to do. Complete!

karma: -1
# dnf upgrade
Last metadata expiration check: 0:33:35 ago on Sat 08 Dec 2018 01:28:02 PM CET.
Dependencies resolved.

 Problem 1: cannot install both glibc-headers-2.27-35.fc28.x86_64 and glibc-headers-2.27-32.fc28.x86_64
  - glibc-headers-2.27-32.fc28.i686 has inferior architecture
  - cannot install the best update candidate for package glibc-headers-2.27-32.fc28.x86_64
  - problem with installed package glibc-headers-2.27-32.fc28.i686
 Problem 2: package glibc-headers-2.27-32.fc28.i686 requires glibc = 2.27-32.fc28, but none of the providers can be installed
  - cannot install both glibc-2.27-35.fc28.i686 and glibc-2.27-32.fc28.i686
  - cannot install both glibc-2.27-35.fc28.x86_64 and glibc-2.27-32.fc28.x86_64
  - cannot install the best update candidate for package glibc-headers-2.27-32.fc28.i686
  - cannot install the best update candidate for package glibc-2.27-32.fc28.i686
  - cannot install the best update candidate for package glibc-2.27-32.fc28.x86_64

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: medium
Karma: +2 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 8 months ago, in testing 8 months ago, in stable 7 months ago

Related Bugs 5

#1641980 glibc: Incorrect analysis of x86 CPU features selects wrong string functions
#1646381 glibc: Crash in getaddrinfo_a when thread creation fails
#1652228 glibc: Do not use parallel make for building locales
#1653993 CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c
#1654000 CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c [fedora-all]
