This update addresses two security vulnerabilities:
$ORIGINrpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (#1526866).
getcwdwould sometimes return a non-absolute path, confusing the
realpathfunction, leading to privilege escalation in conjunction with user namespaces. (#1533837)
In addition, this update changes the thread stack size accounting to provide additional stack space compared to previous glibc versions. For some applications (
nptd in particular), the
PTHREAD_STACK_MIN stack size was too small on x86-64 machines with AVX-512 support (#1527887).
sudo dnf upgrade --advisory=FEDORA-2018-7714b514e2
Please login to add feedback.