Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3291-1 Final 1 1 2021-12-08T15:40:26Z current 2021-12-08T15:40:26Z 2021-12-08T15:40:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3291 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYMYANBGPUFKQ7SIIB3PZLAAR35QYXOR/ E-Mail link for openSUSE-SU-2021:3291-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186489 SUSE Bug 1186489 https://bugzilla.suse.com/1187911 SUSE Bug 1187911 https://www.suse.com/security/cve/CVE-2021-33574/ SUSE CVE CVE-2021-33574 page https://www.suse.com/security/cve/CVE-2021-35942/ SUSE CVE CVE-2021-35942 page openSUSE Leap 15.3 glibc-2.31-9.3.2 glibc-32bit-2.31-9.3.2 glibc-devel-2.31-9.3.2 glibc-devel-32bit-2.31-9.3.2 glibc-devel-static-2.31-9.3.2 glibc-devel-static-32bit-2.31-9.3.2 glibc-extra-2.31-9.3.2 glibc-html-2.31-9.3.2 glibc-i18ndata-2.31-9.3.2 glibc-info-2.31-9.3.2 glibc-lang-2.31-9.3.2 glibc-locale-2.31-9.3.2 glibc-locale-base-2.31-9.3.2 glibc-locale-base-32bit-2.31-9.3.2 glibc-profile-2.31-9.3.2 glibc-profile-32bit-2.31-9.3.2 glibc-utils-2.31-9.3.2 glibc-utils-32bit-2.31-9.3.2 nscd-2.31-9.3.2 glibc-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-devel-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-devel-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-devel-static-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-devel-static-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-extra-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-html-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-i18ndata-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-info-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-lang-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-locale-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-locale-base-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-locale-base-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-profile-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-profile-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-utils-2.31-9.3.2 as a component of openSUSE Leap 15.3 glibc-utils-32bit-2.31-9.3.2 as a component of openSUSE Leap 15.3 nscd-2.31-9.3.2 as a component of openSUSE Leap 15.3 The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. CVE-2021-33574 openSUSE Leap 15.3:glibc-2.31-9.3.2 openSUSE Leap 15.3:glibc-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-static-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-static-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-extra-2.31-9.3.2 openSUSE Leap 15.3:glibc-html-2.31-9.3.2 openSUSE Leap 15.3:glibc-i18ndata-2.31-9.3.2 openSUSE Leap 15.3:glibc-info-2.31-9.3.2 openSUSE Leap 15.3:glibc-lang-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-base-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-base-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-profile-2.31-9.3.2 openSUSE Leap 15.3:glibc-profile-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-utils-2.31-9.3.2 openSUSE Leap 15.3:glibc-utils-32bit-2.31-9.3.2 openSUSE Leap 15.3:nscd-2.31-9.3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYMYANBGPUFKQ7SIIB3PZLAAR35QYXOR/ https://www.suse.com/security/cve/CVE-2021-33574.html CVE-2021-33574 https://bugzilla.suse.com/1186489 SUSE Bug 1186489 https://bugzilla.suse.com/1189426 SUSE Bug 1189426 https://bugzilla.suse.com/1192788 SUSE Bug 1192788 https://bugzilla.suse.com/1196766 SUSE Bug 1196766 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. CVE-2021-35942 openSUSE Leap 15.3:glibc-2.31-9.3.2 openSUSE Leap 15.3:glibc-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-static-2.31-9.3.2 openSUSE Leap 15.3:glibc-devel-static-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-extra-2.31-9.3.2 openSUSE Leap 15.3:glibc-html-2.31-9.3.2 openSUSE Leap 15.3:glibc-i18ndata-2.31-9.3.2 openSUSE Leap 15.3:glibc-info-2.31-9.3.2 openSUSE Leap 15.3:glibc-lang-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-base-2.31-9.3.2 openSUSE Leap 15.3:glibc-locale-base-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-profile-2.31-9.3.2 openSUSE Leap 15.3:glibc-profile-32bit-2.31-9.3.2 openSUSE Leap 15.3:glibc-utils-2.31-9.3.2 openSUSE Leap 15.3:glibc-utils-32bit-2.31-9.3.2 openSUSE Leap 15.3:nscd-2.31-9.3.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYMYANBGPUFKQ7SIIB3PZLAAR35QYXOR/ https://www.suse.com/security/cve/CVE-2021-35942.html CVE-2021-35942 https://bugzilla.suse.com/1187911 SUSE Bug 1187911 https://bugzilla.suse.com/1192788 SUSE Bug 1192788