Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1250-1 Final 1 1 2019-04-20T08:29:27Z current 2019-04-20T08:29:27Z 2019-04-20T08:29:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: Security issue fixed: - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729). Other issue fixed: - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045). - Added new Japanese Era name support (bsc#1100396). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1250 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html E-Mail link for openSUSE-SU-2019:1250-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1100396 SUSE Bug 1100396 https://bugzilla.suse.com/1122729 SUSE Bug 1122729 https://bugzilla.suse.com/1130045 SUSE Bug 1130045 https://www.suse.com/security/cve/CVE-2016-10739/ SUSE CVE CVE-2016-10739 page openSUSE Leap 15.0 glibc-2.26-lp150.11.17.1 glibc-32bit-2.26-lp150.11.17.1 glibc-devel-2.26-lp150.11.17.1 glibc-devel-32bit-2.26-lp150.11.17.1 glibc-devel-static-2.26-lp150.11.17.1 glibc-devel-static-32bit-2.26-lp150.11.17.1 glibc-extra-2.26-lp150.11.17.1 glibc-html-2.26-lp150.11.17.1 glibc-i18ndata-2.26-lp150.11.17.1 glibc-info-2.26-lp150.11.17.1 glibc-locale-2.26-lp150.11.17.1 glibc-locale-base-2.26-lp150.11.17.1 glibc-locale-base-32bit-2.26-lp150.11.17.1 glibc-profile-2.26-lp150.11.17.1 glibc-profile-32bit-2.26-lp150.11.17.1 glibc-utils-2.26-lp150.11.17.1 glibc-utils-32bit-2.26-lp150.11.17.1 nscd-2.26-lp150.11.17.1 glibc-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-devel-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-devel-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-devel-static-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-devel-static-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-extra-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-html-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-i18ndata-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-info-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-locale-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-locale-base-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-locale-base-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-profile-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-profile-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-utils-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 glibc-utils-32bit-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 nscd-2.26-lp150.11.17.1 as a component of openSUSE Leap 15.0 In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. CVE-2016-10739 openSUSE Leap 15.0:glibc-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-devel-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-devel-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-devel-static-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-devel-static-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-extra-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-html-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-i18ndata-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-info-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-locale-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-locale-base-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-locale-base-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-profile-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-profile-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-utils-2.26-lp150.11.17.1 openSUSE Leap 15.0:glibc-utils-32bit-2.26-lp150.11.17.1 openSUSE Leap 15.0:nscd-2.26-lp150.11.17.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00082.html https://www.suse.com/security/cve/CVE-2016-10739.html CVE-2016-10739 https://bugzilla.suse.com/1122729 SUSE Bug 1122729 https://bugzilla.suse.com/1155094 SUSE Bug 1155094