
Security vulnerabilities in the glibc software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2018-05-27 19:30:55.541742

Name : glibc
Product : Fedora 28
Version : 2.27
Release : 15.fc28
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

Update Information:

This update ensures that valgrind works again without installing glibc debuginfo
packages (RHBZ#1570246). It also addresses a security vulnerability in the
`mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237,
RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream
patches (RHBZ#1452750).

* Thu May 24 2018 Florian Weimer <> – 2.27-15
– Rebuild to add back .symtab section in (#1570246)
– Switch to upstream version of libidn2 removal (#1452750)
– Auto-sync with upstream branch release/2.27/master,
commit 50df56ca86a281c8fd99a8100aac75539813788d:
– CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)
* Thu May 17 2018 Florian Weimer <> – 2.27-14
– Do not run telinit u on upgrades (#1579225)
* Tue May 15 2018 Florian Weimer <> – 2.27-13
– Auto-sync with upstream branch release/2.27/master,
commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606:
– sunrpc: Remove stray exports (#1577210)
– gd_GB: Fix typo in abbreviated “May” (swbz#23152)
– realpath: Fix path length overflow (swbz#22786)
– elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419)
– resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)
– manual: Various fixes to the mbstouwcs example, and mbrtowc update
– getlogin_r: return early when linux sentinel value is set
– resolv: Fix crash in resolver on memory allocation failure (swbz#23005)
– Fix signed integer overflow in random_r (swbz#17343)
– RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069)
* Fri May 11 2018 Florian Weimer <> – 2.27-12
– Unconditionally build downstream with -mstackrealign for now
* Fri May 11 2018 Florian Weimer <> – 2.27-11
– Inherit compiler flags in the original order
* Fri May 11 2018 Florian Weimer <> – 2.27-10
– Inherit the -mstackrealign flag if it is set
* Fri May 11 2018 Florian Weimer <> – 2.27-9
– Use /usr/bin/python3 for benchmarks scripts (#1577223)

[ 1 ] Bug #1452750 – glibc: switch to libidn2
[ 2 ] Bug #1581275 – CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all]
[ 3 ] Bug #1570246 – glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Petar Bertok
CERT ID: NCERT-REF-2018-05-0001-ADV