Vulnerability CVE-2017-15804: Information
Description
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glibc | sisyphus | 2.25-alt3 | 2.38.0.76.e9f05fa1c6-alt1 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | sisyphus_e2k | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.2 | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4 | ALT-PU-2024-1492-1 | - | Fixed |
| glibc | p10 | 2.25-alt3 | 2.32-alt5.p10.3 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p9 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | p8 | 2.23-alt3.M80P.1 | 2.23-alt3.M80P.2 | ALT-PU-2017-2517-1 | 191925 | Fixed |
| glibc | c10f1 | 2.25-alt3 | 2.32-alt5.p10.3 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c9f2 | 2.25-alt3 | 2.27-alt14 | ALT-PU-2017-2516-1 | 191922 | Fixed |
| glibc | c7 | 2.17-alt5.M70C.14 | 2.17-alt5.M70C.14 | ALT-PU-2017-2497-1 | 191929 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22332 |
|
| 101535 | |
| RHSA-2018:0805 | |
| RHSA-2018:1879 | |
| https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 |