FEDORA-2018-7714b514e2 created by fweimer 2 years ago for Fedora 27
stable

This update addresses two security vulnerabilities:

  • CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with $ORIGIN rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (#1526866).
  • CVE-2018-1000001: getcwd would sometimes return a non-absolute path, confusing the realpath function, leading to privilege escalation in conjunction with user namespaces. (#1533837)

In addition, this update changes the thread stack size accounting to provide additional stack space compared to previous glibc versions. For some applications (nptd in particular), the PTHREAD_STACK_MIN stack size was too small on x86-64 machines with AVX-512 support (#1527887).

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-7714b514e2

This update has been submitted for testing by fweimer.

2 years ago
User Icon bluepencil commented & provided feedback 2 years ago
karma
  • System operates without any conspicuous issues.

  • Successfully passed all custom kernel compilations.

This update has been pushed to testing.

2 years ago
User Icon lnie commented & provided feedback 2 years ago
karma

works

User Icon gtwilliams commented & provided feedback 2 years ago
karma

wfm

This update has been submitted for batched by bodhi.

2 years ago
User Icon pwalter commented & provided feedback 2 years ago
karma

Works

works for me; ntpd is now happy on Silver 4114 Xeon CPU where it was previously dumping core

User Icon jayjayjazz commented & provided feedback 2 years ago
karma

Works fine for me on x86_64.

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
5
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1526866 CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all]
0
0
BZ#1527887 glibc: PTHREAD_STACK_MIN is too small on x86-64
0
0
BZ#1533837 CVE-2018-1000001 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation [fedora-all]
0
0

Automated Test Results