This update addresses two security vulnerabilities:
$ORIGIN rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation (#1526866).
getcwd would sometimes return a non-absolute path, confusing the realpath function, leading to privilege escalation in conjunction with user namespaces (#1533837).
In addition, this update changes the thread stack size accounting to provide additional stack space compared to previous glibc versions. For some applications (ntpd in particular), the PTHREAD_STACK_MIN stack size was too small on x86-64 machines with AVX-512 support (#1527887).
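The getcwd issue above comes down to a caller trusting that the returned string starts with '/'. The following C program is an added example, not code from glibc or from this update: it calls the raw Linux getcwd system call and rejects any non-absolute result. The names cwd_result_is_absolute and checked_getcwd are hypothetical, the "(unreachable)" sample string is constructed, and returning ENOENT is this example's choice.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for syscall() under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: a usable working-directory string must be absolute. */
static int cwd_result_is_absolute(const char *path)
{
    return path != NULL && path[0] == '/';
}

/*
 * Hypothetical wrapper around the raw Linux getcwd system call.
 * Returns 0 with an absolute path in buf, or -1 with errno set.
 * When the working directory lies outside the process root, the kernel
 * reports it with a "(unreachable)" prefix instead of a leading '/';
 * this wrapper turns that into ENOENT (this example's choice of error).
 */
static int checked_getcwd(char *buf, size_t size)
{
    if (buf == NULL || size == 0) {
        errno = EINVAL;
        return -1;
    }
    if (syscall(SYS_getcwd, buf, size) < 0)
        return -1;                    /* errno set by syscall(), e.g. ERANGE */
    if (!cwd_result_is_absolute(buf)) {
        buf[0] = '\0';                /* never hand a relative path to callers */
        errno = ENOENT;
        return -1;
    }
    return 0;
}

int main(void)
{
    char cwd[4096];
    /* Constructed sample of a non-absolute kernel result. */
    const char *sample = "(unreachable)/tmp";

    printf("sample accepted: %d\n", cwd_result_is_absolute(sample));
    if (checked_getcwd(cwd, sizeof cwd) == 0)
        printf("cwd: %s\n", cwd);
    else
        perror("checked_getcwd");
    return 0;
}
```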
|submitted||2 years ago|
|in testing||2 years ago|
|in stable||2 years ago|
|0||0||#1526866 CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all]|
|0||0||#1527887 glibc: PTHREAD_STACK_MIN is too small on x86-64|
|0||0||#1533837 CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all]|