This update addresses two security vulnerabilities:
glob64function. (#1505298, RHBZ##1504807)
$ORIGINrpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (#1526866).
getcwdwould sometimes return a non-absolute path, confusing the
realpathfunction, leading to privilege escalation in conjunction with user namespaces. (#1533837)
In addition, this update replaces the dynamic linker trampoline on x86-64 with a version which uses the
XSAVE instruction if it is available. This improves compatibility with future hardware and compilers which do not follow the x86-64 ABI. This update also adjusts the thread stack size accounting to provide additional stack space compared to previous glibc versions (to avoid introducing #1527887).
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-8e27ad96ed
Please login to add feedback.