Security update for glibc

SUSE Security Update: Security update for glibc
Announcement ID: SUSE-SU-2018:1562-2
Rating: important
References: #1086690 #1094150 #1094154 #1094161
Cross-References:CVE-2017-18269 CVE-2018-11236 CVE-2018-11237
Affected Products:
  • SUSE Linux Enterprise Server 12-SP2-BCL

An update that solves three vulnerabilities and has one errata is now available.


This update for glibc fixes the following issues:

  • CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150)
  • CVE-2018-11236: Fix overflow in path length computation (bsc#1094161)
  • CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154)

Non security bugs fixed:
  • Fix crash in resolver on memory allocation failure (bsc#1086690)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2018-1077=1

Package List:

  • SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
    • glibc-html-2.22-62.13.2
    • glibc-i18ndata-2.22-62.13.2
    • glibc-info-2.22-62.13.2
  • SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    • glibc-2.22-62.13.2
    • glibc-32bit-2.22-62.13.2
    • glibc-debuginfo-2.22-62.13.2
    • glibc-debuginfo-32bit-2.22-62.13.2
    • glibc-debugsource-2.22-62.13.2
    • glibc-devel-2.22-62.13.2
    • glibc-devel-32bit-2.22-62.13.2
    • glibc-devel-debuginfo-2.22-62.13.2
    • glibc-devel-debuginfo-32bit-2.22-62.13.2
    • glibc-locale-2.22-62.13.2
    • glibc-locale-32bit-2.22-62.13.2
    • glibc-locale-debuginfo-2.22-62.13.2
    • glibc-locale-debuginfo-32bit-2.22-62.13.2
    • glibc-profile-2.22-62.13.2
    • glibc-profile-32bit-2.22-62.13.2
    • nscd-2.22-62.13.2
    • nscd-debuginfo-2.22-62.13.2