{"id":"MGASA-2018-0293","summary":"Updated glibc packages fix security vulnerabilities","details":"Updated glibc packages fix security vulnerabilities:\n\nAn SSE2-optimized memmove implementation for i386 in\nsysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka\nglibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping\nmemory check if the source memory range spans the middle of the address space,\nresulting in corrupt data being produced by the copy operation. This may\ndisclose information to context-dependent attackers, or result in a denial of\nservice, or, possibly, code execution (CVE-2017-18269).\n\nstdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and\nearlier, when processing very long pathname arguments to the realpath function,\ncould encounter an integer overflow on 32-bit architectures, leading to a\nstack-based buffer overflow and, potentially, arbitrary code execution\n(CVE-2018-11236).\n","modified":"2026-01-30T09:35:03.198255Z","published":"2018-06-24T22:02:29Z","related":["CVE-2017-18269","CVE-2018-11236"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0293.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23136"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.22-29.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0293.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}