FEDORA-2018-f6b7df660d

security update in Fedora 29 for glibc

Status: stable 9 months ago

This update for the glibc package addresses one moderate security vulnerability and a minor defect:

  • CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken. (#1654000)
  • Parallel building of locales led to nondeterminism in the RPM build process. (#1652228)

Comments 9

This update has been submitted for testing by fweimer.

This update has been pushed to testing.

No regressions found

karma: +1

Works.

karma: +1 critpath: +1

Works great! LGTM! =)

karma: +1

This update has been submitted for batched by bodhi.

No regressions noted.

karma: +1 critpath: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
+4
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 9 months ago
in testing 9 months ago
in stable 9 months ago

Related Bugs 2

00 #1652228 glibc: Do not use parallel make for building locales
00 #1654000 CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c [fedora-all]

Automated Test Results