{"id":"MGASA-2019-0349","summary":"Updated glibc packages fix security vulnerability","details":"Updated glibc packages fixes the following security issue:\n\nOn the x86-64 architecture, the GNU C Library (aka glibc) before 2.31\nfails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable\nduring program execution after a security transition, allowing local\nattackers to restrict the possible mapping addresses for loaded\nlibraries and thus bypass ASLR for a setuid program (CVE-2019-19126).\n\nOther upstream fixes in this update:\n- Call _dl_open_check after relocation [BZ #24259]\n- support: Export bindir path on support_path\n- nss_db: fix endent wrt NULL mappings [BZ #24695] [BZ #24696]\n- elf: Refuse to dlopen PIE objects [BZ #24323]\n- Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP [BZ #23403]\n- Fix assertion in malloc.c:tcache_get\n- Small tcache improvements\n- malloc: Remove unwanted leading whitespace in malloc_info [BZ #24867]\n- malloc: Fix missing accounting of top chunk in malloc_info [BZ #24026]\n- Add glibc.malloc.mxfast tunable\n- malloc: Various cleanups for malloc/tst-mxfast\n- Base max_fast on alignment, not width, of bins [BZ #24903]\n- Linux: Use in-tree copy of SO_ constants for !__USE_MISC [BZ #24532]\n","modified":"2026-04-16T01:46:17.740132499Z","published":"2019-11-30T13:06:06Z","upstream":["CVE-2019-19126"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0349.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25756"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.29-19.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0349.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}