CVE-2020-29573

Upstream information

CVE-2020-29573 at MITRE

Description

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.

---

SUSE information

Overall state of this security issue: Running

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

CVSS v3 Scores

	National Vulnerability Database	SUSE
Base Score	7.5	7.5
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector	Network	Network
Access Complexity	Low	Low
Privileges Required	None	None
User Interaction	None	None
Scope	Unchanged	Unchanged
Confidentiality Impact	None	None
Integrity Impact	None	None
Availability Impact	High	High
CVSSv3 Version	3.1	3.1

SUSE Bugzilla entry: 1179721 [NEW]

SUSE Security Advisories:

• SUSE-CU-2021:104-1, published Wed Apr 14 06:08:29 UTC 2021
• SUSE-CU-2021:105-1, published Wed Apr 14 06:15:54 UTC 2021
• SUSE-CU-2021:58-1, published Sat Feb 27 07:05:32 UTC 2021
• SUSE-CU-2021:59-1, published Sun Feb 28 07:14:17 UTC 2021
• SUSE-CU-2021:67-1, published Thu Mar 11 07:05:47 UTC 2021
• SUSE-CU-2021:69-1, published Fri Mar 12 07:10:02 UTC 2021
• SUSE-CU-2021:71-1, published Fri Mar 12 07:11:29 UTC 2021
• SUSE-CU-2021:72-1, published Fri Mar 12 07:12:37 UTC 2021
• SUSE-CU-2021:73-1, published Fri Mar 12 07:13:46 UTC 2021
• SUSE-CU-2021:74-1, published Fri Mar 12 07:14:52 UTC 2021
• SUSE-CU-2021:75-1, published Fri Mar 12 07:16:03 UTC 2021
• SUSE-CU-2021:76-1, published Fri Mar 12 07:19:02 UTC 2021
• SUSE-CU-2021:86-1, published Tue Mar 30 06:33:10 UTC 2021
• SUSE-CU-2021:97-1, published Fri Apr 9 06:01:49 UTC 2021
• SUSE-CU-2021:98-1, published Fri Apr 9 06:04:03 UTC 2021
• SUSE-IU-2021:411-1, published Wed Mar 10 11:39:16 UTC 2021
• SUSE-IU-2021:412-1, published Wed Mar 10 11:41:20 UTC 2021
• SUSE-IU-2021:413-1, published Wed Mar 10 11:43:17 UTC 2021
• SUSE-IU-2021:415-1, published Wed Mar 10 11:46:55 UTC 2021
• SUSE-IU-2021:416-1, published Wed Mar 10 11:48:46 UTC 2021
• SUSE-IU-2021:429-1, published Wed Apr 7 16:19:45 UTC 2021
• SUSE-IU-2021:430-1, published Wed Apr 7 16:20:55 UTC 2021
• SUSE-IU-2021:435-1, published Fri Apr 9 05:53:31 UTC 2021
• SUSE-SU-2021:0653-1, published Fri Feb 26 23:18:14 UTC 2021
• SUSE-SU-2021:1165-1, published Tue Apr 13 16:25:22 UTC 2021
• openSUSE-SU-2021:0358-1, published Sun Feb 28 03:38:12 2021

List of released packages

Product(s)	Fixed package version(s)	References
Container suse/sle15:15.0 Container suse/sle15:15.1 Container suse/sle15:15.2 Image caasp4/caasp-389-ds-image Image caasp4/caasp-busybox-image Image caasp4/caasp-caasp-dex-image Image caasp4/caasp-cert-exporter-image Image caasp4/caasp-cilium-etcd-operator-image Image caasp4/caasp-cilium-init-image Image caasp4/caasp-cilium-operator-image Image caasp4/caasp-cloud-provider-openstack-image Image caasp4/caasp-configmap-reload-image Image caasp4/caasp-coredns-image Image caasp4/caasp-curl-image Image caasp4/caasp-etcd-image Image caasp4/caasp-gangway-image Image caasp4/caasp-grafana-image Image caasp4/caasp-helm-tiller-image Image caasp4/caasp-hyperkube-image Image caasp4/caasp-k8s-sidecar-image Image caasp4/caasp-kube-state-metrics-image Image caasp4/caasp-kubernetes-client-image Image caasp4/caasp-kured-image Image caasp4/caasp-metrics-server-image Image caasp4/caasp-prometheus-alertmanager-image Image caasp4/caasp-prometheus-node-exporter-image Image caasp4/caasp-prometheus-pushgateway-image Image caasp4/caasp-prometheus-server-image Image caasp4/caasp-rsyslog-image Image caasp4/caasp-test-update-image Image caasp4/caasp-velero-image Image caasp4/caasp-velero-plugin-for-aws-image Image caasp4/caasp-velero-plugin-for-gcp-image Image caasp4/caasp-velero-plugin-for-microsoft-azure-image Image caasp4/caasp-velero-restic-restore-helper-image Image caasp45/caasp-389-ds-image Image caasp45/caasp-busybox-image Image caasp45/caasp-caasp-dex-image Image caasp45/caasp-cert-manager-cainjector-image Image caasp45/caasp-cert-manager-controller-image Image caasp45/caasp-cert-manager-webhook-image Image caasp45/caasp-cilium-etcd-operator-image Image caasp45/caasp-cilium-operator-image Image caasp45/caasp-configmap-reload-image Image caasp45/caasp-coredns-image Image caasp45/caasp-curl-image Image caasp45/caasp-default-http-backend-image Image caasp45/caasp-etcd-image Image caasp45/caasp-gangway-image Image caasp45/caasp-grafana-image Image caasp45/caasp-helm-tiller-image Image caasp45/caasp-ingress-nginx-controller-image Image caasp45/caasp-istio-base-image Image caasp45/caasp-istio-pilot-image Image caasp45/caasp-istio-proxyv2-image Image caasp45/caasp-k8s-sidecar-image Image caasp45/caasp-kube-apiserver-image Image caasp45/caasp-kube-controller-manager-image Image caasp45/caasp-kube-proxy-image Image caasp45/caasp-kube-scheduler-image Image caasp45/caasp-kube-state-metrics-image Image caasp45/caasp-kubernetes-client-image Image caasp45/caasp-kucero-image Image caasp45/caasp-kured-image Image caasp45/caasp-metrics-server-image Image caasp45/caasp-prometheus-alertmanager-image Image caasp45/caasp-prometheus-node-exporter-image Image caasp45/caasp-prometheus-pushgateway-image Image caasp45/caasp-prometheus-server-image Image caasp45/caasp-reloader-image Image caasp45/caasp-rsyslog-image Image caasp45/caasp-skuba-tooling-image Image caasp45/caasp-velero-image Image caasp45/caasp-velero-plugin-for-aws-image Image caasp45/caasp-velero-plugin-for-gcp-image Image caasp45/caasp-velero-plugin-for-microsoft-azure-image Image caasp45/caasp-velero-restic-restore-helper-image	glibc >= 2.26-13.56.1
Container suse/sles12sp4:latest Container suse/sles12sp5:latest	glibc >= 2.22-114.8.3
Image SLES15-EC2-CHOST-HVM-BYOS Image SLES15-SP1-CHOST-BYOS-Azure Image SLES15-SP1-CHOST-BYOS-EC2 Image SLES15-SP1-CHOST-BYOS-GCE Image SLES15-SP2-CHOST-BYOS-Aliyun Image SLES15-SP2-CHOST-BYOS-Azure Image SLES15-SP2-CHOST-BYOS-EC2 Image SLES15-SP2-CHOST-BYOS-GCE	glibc >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1
Image caasp4/caasp-cilium-image	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1
Image caasp45/caasp-cilium-image	glibc >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1
SUSE CaaS Platform 4.0	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SUSE-CAASP-4.0-2021-653
SUSE Enterprise Storage 6	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-Storage-6-2021-653
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-653
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-653
SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-HPC-15-2021-653
SUSE Linux Enterprise Module for Basesystem 15 SP2	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Module-Basesystem-15-SP2-2021-653
SUSE Linux Enterprise Module for Development Tools 15 SP2	glibc >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1	Patchnames: SUSE-SLE-Module-Development-Tools-15-SP2-2021-653
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2	glibc >= 2.26-13.56.1 glibc-devel-static-32bit >= 2.26-13.56.1 glibc-html >= 2.26-13.56.1 glibc-profile-32bit >= 2.26-13.56.1 glibc-utils-32bit >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1	Patchnames: SUSE-SLE-Module-Development-Tools-OBS-15-SP2-2021-653
SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server for SAP Applications 12 SP4-ESPOS	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-SLE-SERVER-12-SP4-ESPOS-2021-1165
SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP4-LTSS	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-SLE-SERVER-12-SP4-LTSS-2021-1165
SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-SLE-SERVER-12-SP5-2021-1165
SUSE Linux Enterprise Server 15 SP1-BCL	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SLES-15-SP1-BCL-2021-653
SUSE Linux Enterprise Server 15 SP1-LTSS	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-653
SUSE Linux Enterprise Server 15-LTSS	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SLES-15-2021-653
SUSE Linux Enterprise Server for SAP Applications 12 SP4	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-SLE-SAP-12-SP4-2021-1165
SUSE Linux Enterprise Server for SAP Applications 15 SP1	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SLES_SAP-15-SP1-2021-653
SUSE Linux Enterprise Server for SAP Applications 15	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SLES_SAP-15-2021-653
SUSE Linux Enterprise Software Development Kit 12 SP5	glibc >= 2.22-114.8.3 glibc-devel-static >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3	Patchnames: SUSE-SLE-SDK-12-SP5-2021-1165
SUSE Manager Proxy 4.0	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-653
SUSE Manager Retail Branch Server 4.0	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-653
SUSE Manager Server 4.0	glibc >= 2.26-13.56.1 glibc-32bit >= 2.26-13.56.1 glibc-devel >= 2.26-13.56.1 glibc-devel-32bit >= 2.26-13.56.1 glibc-devel-static >= 2.26-13.56.1 glibc-extra >= 2.26-13.56.1 glibc-i18ndata >= 2.26-13.56.1 glibc-info >= 2.26-13.56.1 glibc-locale >= 2.26-13.56.1 glibc-locale-base >= 2.26-13.56.1 glibc-locale-base-32bit >= 2.26-13.56.1 glibc-profile >= 2.26-13.56.1 glibc-utils >= 2.26-13.56.1 glibc-utils-src >= 2.26-13.56.1 nscd >= 2.26-13.56.1	Patchnames: SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-653
SUSE OpenStack Cloud 9	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-OpenStack-Cloud-9-2021-1165
SUSE OpenStack Cloud Crowbar 9	glibc >= 2.22-114.8.3 glibc-32bit >= 2.22-114.8.3 glibc-devel >= 2.22-114.8.3 glibc-devel-32bit >= 2.22-114.8.3 glibc-html >= 2.22-114.8.3 glibc-i18ndata >= 2.22-114.8.3 glibc-info >= 2.22-114.8.3 glibc-locale >= 2.22-114.8.3 glibc-locale-32bit >= 2.22-114.8.3 glibc-profile >= 2.22-114.8.3 glibc-profile-32bit >= 2.22-114.8.3 nscd >= 2.22-114.8.3	Patchnames: SUSE-OpenStack-Cloud-Crowbar-9-2021-1165
openSUSE Leap 15.2	glibc >= 2.26-lp152.26.6.1 glibc-32bit >= 2.26-lp152.26.6.1 glibc-32bit-debuginfo >= 2.26-lp152.26.6.1 glibc-debuginfo >= 2.26-lp152.26.6.1 glibc-debugsource >= 2.26-lp152.26.6.1 glibc-devel >= 2.26-lp152.26.6.1 glibc-devel-32bit >= 2.26-lp152.26.6.1 glibc-devel-32bit-debuginfo >= 2.26-lp152.26.6.1 glibc-devel-debuginfo >= 2.26-lp152.26.6.1 glibc-devel-static >= 2.26-lp152.26.6.1 glibc-devel-static-32bit >= 2.26-lp152.26.6.1 glibc-extra >= 2.26-lp152.26.6.1 glibc-extra-debuginfo >= 2.26-lp152.26.6.1 glibc-html >= 2.26-lp152.26.6.1 glibc-i18ndata >= 2.26-lp152.26.6.1 glibc-info >= 2.26-lp152.26.6.1 glibc-locale >= 2.26-lp152.26.6.1 glibc-locale-base >= 2.26-lp152.26.6.1 glibc-locale-base-32bit >= 2.26-lp152.26.6.1 glibc-locale-base-32bit-debuginfo >= 2.26-lp152.26.6.1 glibc-locale-base-debuginfo >= 2.26-lp152.26.6.1 glibc-profile >= 2.26-lp152.26.6.1 glibc-profile-32bit >= 2.26-lp152.26.6.1 glibc-testsuite-src >= 2.26-lp152.26.6.1 glibc-utils >= 2.26-lp152.26.6.1 glibc-utils-32bit >= 2.26-lp152.26.6.1 glibc-utils-32bit-debuginfo >= 2.26-lp152.26.6.1 glibc-utils-debuginfo >= 2.26-lp152.26.6.1 glibc-utils-src >= 2.26-lp152.26.6.1 glibc-utils-src-debugsource >= 2.26-lp152.26.6.1 nscd >= 2.26-lp152.26.6.1 nscd-debuginfo >= 2.26-lp152.26.6.1	Patchnames: openSUSE-2021-358

---

First public cloud image revisions this CVE is fixed in:

• alibaba/sles-15-sp2-chost-byos-v20210304
• amazon/suse-manager-4-0-proxy-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-manager-4-0-server-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-manager-4-1-proxy-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-manager-4-1-server-byos-v20210303-hvm-ssd-x86_64
• amazon/suse-sles-15-byos-v20210304-hvm-ssd-arm64
• amazon/suse-sles-15-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-chost-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-byos-v20210304-hvm-ssd-arm64
• amazon/suse-sles-15-sp1-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-sp1-sapcal-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-byos-v20210303-hvm-ssd-arm64
• amazon/suse-sles-15-sp2-byos-v20210303-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-chost-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-v20210303-ecs-hvm-ssd-x86_64
• amazon/suse-sles-15-sp2-v20210303-hvm-ssd-arm64
• amazon/suse-sles-15-sp2-v20210303-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp1-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-hpc-15-sp2-byos-v20210303-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp1-byos-v20210304-hvm-ssd-x86_64
• amazon/suse-sles-sap-15-sp2-byos-v20210303-hvm-ssd-x86_64
• google/sles-15-byos-v20210303
• google/sles-15-sap-byos-v20210303
• google/sles-15-sap-v20210303
• google/sles-15-sp1-byos-v20210303
• google/sles-15-sp1-chost-byos-v20210304
• google/sles-15-sp1-sap-byos-v20210303
• google/sles-15-sp1-sap-v20210303
• google/sles-15-sp1-sapcal-v20210303
• google/sles-15-sp2-byos-v20210303
• google/sles-15-sp2-chost-byos-v20210304
• google/sles-15-sp2-sap-byos-v20210303
• google/sles-15-sp2-sap-v20210303
• google/sles-15-sp2-v20210303
• google/suse-manager-4-0-proxy-byos-v20210304
• google/suse-manager-4-0-server-byos-v20210304
• google/suse-manager-4-1-proxy-byos-v20210304
• google/suse-manager-4-1-server-byos-v20210304
• oracle/sles-15-byos-v20210303
• oracle/sles-15-sap-byos-v20210303
• oracle/sles-15-sp1-byos-v20210303
• oracle/sles-15-sp1-sap-byos-v20210303
• oracle/sles-15-sp2-byos-v20210303
• oracle/sles-15-sp2-sap-byos-v20210303

---

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s)	Source package	State
Carwos 1	glibc	Not affected
HPE Helion OpenStack 8	glibc	Affected
SUSE CaaS Platform 4.0	glibc	Released
SUSE Enterprise Storage 5	glibc	Unsupported
SUSE Enterprise Storage 6	glibc	Released
SUSE Linux Enterprise High Performance Computing 12 SP5	glibc	Released
SUSE Linux Enterprise High Performance Computing 15 LTSS	glibc	Released
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS	glibc	Released
SUSE Linux Enterprise Module for Basesystem 15 SP1	glibc	Unsupported
SUSE Linux Enterprise Module for Basesystem 15 SP2	glibc	Released
SUSE Linux Enterprise Module for Development Tools 15 SP1	glibc	Unsupported
SUSE Linux Enterprise Module for Development Tools 15 SP2	glibc	Released
SUSE Linux Enterprise Point of Service 11 SP3	glibc	Affected
SUSE Linux Enterprise Point of Service Image Server 12	glibc	Affected
SUSE Linux Enterprise Server 11 SP4 LTSS	glibc	Affected
SUSE Linux Enterprise Server 12 SP2 BCL	glibc	Affected
SUSE Linux Enterprise Server 12 SP2 ESPOS	glibc	Affected
SUSE Linux Enterprise Server 12 SP2 LTSS	glibc	Affected
SUSE Linux Enterprise Server 12 SP3 BCL	glibc	Affected
SUSE Linux Enterprise Server 12 SP3 ESPOS	glibc	Affected
SUSE Linux Enterprise Server 12 SP3 LTSS	glibc	Affected
SUSE Linux Enterprise Server 12 SP4 ESPOS	glibc	Released
SUSE Linux Enterprise Server 12 SP4 LTSS	glibc	Released
SUSE Linux Enterprise Server 12 SP5	glibc	Released
SUSE Linux Enterprise Server 15 LTSS	glibc	Released
SUSE Linux Enterprise Server 15 SP1 Business Critical Linux	glibc	Released
SUSE Linux Enterprise Server 15 SP1 LTSS	glibc	Released
SUSE Linux Enterprise Server ESPOS 15	glibc	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP2	glibc	Affected
SUSE Linux Enterprise Server for SAP Applications 12 SP3	glibc	Affected
SUSE Linux Enterprise Server for SAP Applications 12 SP4	glibc	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP5	glibc	Released
SUSE Linux Enterprise Server for SAP Applications 15	glibc	Released
SUSE Linux Enterprise Server for SAP Applications 15 SP1	glibc	Released
SUSE Linux Enterprise Software Development Kit 12 SP5	glibc	Released
SUSE Manager Proxy 4.0	glibc	Released
SUSE Manager Retail Branch Server 4.0	glibc	Released
SUSE Manager Server 4.0	glibc	Released
SUSE OpenStack Cloud 7	glibc	Affected
SUSE OpenStack Cloud 8	glibc	Affected
SUSE OpenStack Cloud 9	glibc	Released
SUSE OpenStack Cloud Crowbar 8	glibc	Affected
SUSE OpenStack Cloud Crowbar 9	glibc	Released