Security Advisory Details

NS-SA-2019-0024

2019-07-17 14:55:39

Summary

important: glibc/yum-utils security update

Severity

important

Topic

An update for glibc/yum-utils is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

glibc: The glibc-devel package contains the object files necessary for developing programs which use the standard C libraries (which are used by nearly all programs). If you are developing programs which will use the standard C libraries, your system needs to have these standard object files available in order to create the executables. Install glibc-devel if you are going to develop programs which will use the standard C libraries.
yum-utils: This NetworkManager "dispatch script" forces yum to check its cache if/when a new network connection happens in NetworkManager. Note that currently there is no checking of previous data, so if your WiFi keeps going up and down (or you suspend/resume a lot) yum will recheck its cached data a lot.


Security Fix(es):
glibc: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)
glibc: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)
glibc: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804)
glibc: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)
glibc: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.(CVE-2014-9402)
glibc: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001)
glibc: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)
glibc: bugfix
yum-utils: A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files.(CVE-2018-10897)
yum-utils: bugfix
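The reposync flaw above (CVE-2018-10897) comes down to trusting repository-supplied paths when deciding where to write. The following is an added example of the kind of destination check a mirroring tool needs; it is not yum-utils' own code, and the repository entries, the destination root and the function names are constructed for illustration.

```python
import os
import posixpath

# Constructed entries of the kind a remote repository's metadata supplies to a mirroring
# tool (package "location href" values). The first two are normal; the rest try to escape.
REPO_ENTRIES = [
    "Packages/glibc-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm",
    "Packages/yum-utils-1.1.31-46.el7_5.noarch.rpm",
    "../../etc/yum.conf",
    "/etc/yum.repos.d/injected.repo",
    "Packages/../../../root/.bashrc",
]


def safe_destination(dest_root, href):
    """Map a repository-supplied href onto a path under dest_root.

    Returns the resolved absolute path, or None when the href is absolute or, after
    normalisation and symlink resolution, would land outside dest_root. This is an
    assumed guard written for the example, not the check yum-utils applies."""
    if posixpath.isabs(href) or os.path.isabs(href):
        return None
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, href))
    # commonpath() is the containment test; a plain startswith() would accept
    # "/srv/mirror-evil" as being inside "/srv/mirror".
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def plan_sync(dest_root, entries):
    """Split metadata entries into accepted {href: local path} and rejected [href]."""
    accepted, rejected = {}, []
    for href in entries:
        path = safe_destination(dest_root, href)
        if path is None:
            rejected.append(href)
        else:
            accepted[href] = path
    return accepted, rejected
```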


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F6.

Affected Components

  • glibc
  • yum-utils

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Update Packages

CGSL MAIN 5.04

glibc (source: glibc-2.17-222.el7.cgslv5.0.1.gd23aea5.src.rpm)

  • glibc-static-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-utils-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • nscd-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-common-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-debuginfo-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-debuginfo-common-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-devel-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm
  • glibc-headers-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm

yum-utils (source: yum-utils-1.1.31-46.el7_5.src.rpm)

  • yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
  • yum-updateonboot-1.1.31-46.el7_5.noarch.rpm
  • yum-utils-1.1.31-46.el7_5.noarch.rpm
  • yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-local-1.1.31-46.el7_5.noarch.rpm

CGSL CORE 5.04

glibc (source: glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438.src.rpm)

  • glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • nscd-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-common-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-debuginfo-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-debuginfo-common-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-devel-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-headers-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-i18n-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-iconv-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-lang-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-locale-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-static-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-tools-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm
  • glibc-utils-2.17-222.el7.cgslv5lite.0.6.g0d82438.x86_64.rpm

yum-utils (source: yum-utils-1.1.31-46.el7_5.src.rpm)

  • yum-plugin-auto-update-debug-info-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-changelog-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-copr-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-filter-data-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-fs-snapshot-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-keys-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-list-data-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-local-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-merge-conf-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-ovl-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-post-transaction-actions-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-pre-transaction-actions-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-priorities-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-protectbase-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-ps-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-remove-with-leaves-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-rpm-warm-cache-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-show-leaves-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-tmprepo-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-tsflags-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-upgrade-helper-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-verify-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-versionlock-1.1.31-46.el7_5.noarch.rpm
  • yum-updateonboot-1.1.31-46.el7_5.noarch.rpm
  • yum-utils-1.1.31-46.el7_5.noarch.rpm
  • yum-NetworkManager-dispatcher-1.1.31-46.el7_5.noarch.rpm
  • yum-plugin-aliases-1.1.31-46.el7_5.noarch.rpm
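To confirm that a host actually received this update, compare what `rpm -qa` reports against the package versions the advisory ships for the host's product. The following is an added example, not NewStart tooling: it parses a constructed subset of the advisory's update-package record (same JSON shape as above), a constructed `rpm -qa` sample, and a simplified version comparison, and reports which affected packages are still older than the fix.

```python
import json
import re

# Constructed subset of this advisory's "fix" record (same JSON shape as the update-package list).
ADVISORY_FIX = json.loads('''{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[
 {"binary":["glibc-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm","nscd-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64.rpm"],
  "source":"glibc-2.17-222.el7.cgslv5.0.1.gd23aea5.src.rpm"},
 {"binary":["yum-utils-1.1.31-46.el7_5.noarch.rpm"],"source":"yum-utils-1.1.31-46.el7_5.src.rpm"}]}]}''')

# Constructed sample of `rpm -qa` output from a host under review (not taken from the advisory).
INSTALLED = """glibc-2.17-196.el7.x86_64
nscd-2.17-222.el7.cgslv5.0.1.gd23aea5.x86_64
yum-utils-1.1.31-42.el7.noarch
bash-4.2.46-31.el7.x86_64"""


def split_nvra(s):
    """'name-ver-rel.arch[.rpm]' -> (name, ver, rel); name may contain '-', ver and rel do not."""
    s = s[:-4] if s.endswith(".rpm") else s
    nvr, _arch = s.rsplit(".", 1)
    name_ver, rel = nvr.rsplit("-", 1)
    name, ver = name_ver.rsplit("-", 1)
    return name, ver, rel


def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no '~'/'^' handling): digit runs compare numerically,
    letter runs lexically, a digit run outranks a letter run, and more segments means newer."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare (ver, rel) pairs: version decides first, release breaks ties."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def check_host(installed_text, product, advisory=ADVISORY_FIX):
    """Return {name: (installed (ver, rel), fixed (ver, rel))} for packages still older than the fix."""
    installed = {n: (v, r) for n, v, r in map(split_nvra, installed_text.split())}
    outdated = {}
    for entry in (e for e in advisory["fix"] if e["product"] == product):
        for rpm in (b for pkg in entry["pkgs"] for b in pkg["binary"]):
            n, v, r = split_nvra(rpm)
            if n in installed and evr_cmp(installed[n], (v, r)) < 0:
                outdated[n] = (installed[n], (v, r))
    return outdated
```

Packages absent from the host (here the yum plugins) are simply not reported, so an empty result means every installed affected package is at or past the advisory's version, not that the advisory is irrelevant.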

CVE

References