This update addresses two security vulnerabilities:
$ORIGIN rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (#1526866).getcwd would sometimes return a non-absolute path, confusing the realpath function, leading to privilege escalation in conjunction with user namespaces. (#1533837) In addition, this update changes the thread stack size accounting to provide additional stack space compared to previous glibc versions. For some applications (nptd in particular), the PTHREAD_STACK_MIN stack size was too small on x86-64 machines with AVX-512 support (#1527887).
Please login to add feedback.
| submitted | 2 years ago |
| in testing | 2 years ago |
| in stable | 2 years ago |
| 0 | 0 | #1526866 CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all] |
| 0 | 0 | #1527887 glibc: PTHREAD_STACK_MIN is too small on x86-64 |
| 0 | 0 | #1533837 CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all] |
fweimer
This update has been submitted for testing by fweimer.
System operates without any conspicuous issues.
Successfully passed all custom kernel compilations.
This update has been pushed to testing.
works
wfm
This update has been submitted for batched by bodhi.
Works
works for me; ntpd is now happy on Silver 4114 Xeon CPU where it was previously dumping core
Works fine for me on x86_64.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.