--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-916dfe0d86
2018-05-27 19:30:55.541742
--------------------------------------------------------------------------------Name        : glibc
Product     : Fedora 28
Version     : 2.27
Release     : 15.fc28
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------Update Information:

This update ensures that valgrind works again without installing glibc debuginfo
packages (RHBZ#1570246). It also addresses a security vulnerability in the
`mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237,
RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream
patches (RHBZ#1452750(.
--------------------------------------------------------------------------------ChangeLog:

* Thu May 24 2018 Florian Weimer  - 2.27-15
- Rebuild to add back .symtab section in ld.so (#1570246)
- Switch to upstream version of libidn2 removal (#1452750)
- Auto-sync with upstream branch release/2.27/master,
  commit 50df56ca86a281c8fd99a8100aac75539813788d:
- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)
* Thu May 17 2018 Florian Weimer  - 2.27-14
- Do not run telinit u on upgrades (#1579225)
* Tue May 15 2018 Florian Weimer  - 2.27-13
- Auto-sync with upstream branch release/2.27/master,
  commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606:
- sunrpc: Remove stray exports (#1577210)
- gd_GB: Fix typo in abbreviated "May" (swbz#23152)
- realpath: Fix path length overflow (swbz#22786)
- elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419)
- resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)
- manual: Various fixes to the mbstouwcs example, and mbrtowc update
- getlogin_r: return early when linux sentinel value is set
- resolv: Fix crash in resolver on memory allocation failure (swbz#23005)
- Fix signed integer overflow in random_r (swbz#17343)
- RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069)
* Fri May 11 2018 Florian Weimer  - 2.27-12
- Unconditionally build downstream with -mstackrealign for now
* Fri May 11 2018 Florian Weimer  - 2.27-11
- Inherit compiler flags in the original order
* Fri May 11 2018 Florian Weimer  - 2.27-10
- Inherit the -mstackrealign flag if it is set
* Fri May 11 2018 Florian Weimer  - 2.27-9
- Use /usr/bin/python3 for benchmarks scripts (#1577223)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1452750 - glibc: switch to libidn2
        https://bugzilla.redhat.com/show_bug.cgi?id=1452750
  [ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1581275
  [ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora]
        https://bugzilla.redhat.com/show_bug.cgi?id=1570246
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/

Fedora 28: glibc Security Update

May 27, 2018

This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246)

Summary

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

This update ensures that valgrind works again without installing glibc debuginfo

packages (RHBZ#1570246). It also addresses a security vulnerability in the

`mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237,

RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream

patches (RHBZ#1452750(.

* Thu May 24 2018 Florian Weimer - 2.27-15

- Rebuild to add back .symtab section in ld.so (#1570246)

- Switch to upstream version of libidn2 removal (#1452750)

- Auto-sync with upstream branch release/2.27/master,

commit 50df56ca86a281c8fd99a8100aac75539813788d:

- CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275)

* Thu May 17 2018 Florian Weimer - 2.27-14

- Do not run telinit u on upgrades (#1579225)

* Tue May 15 2018 Florian Weimer - 2.27-13

- Auto-sync with upstream branch release/2.27/master,

commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606:

- sunrpc: Remove stray exports (#1577210)

- gd_GB: Fix typo in abbreviated "May" (swbz#23152)

- realpath: Fix path length overflow (swbz#22786)

- elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419)

- resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037)

- manual: Various fixes to the mbstouwcs example, and mbrtowc update

- getlogin_r: return early when linux sentinel value is set

- resolv: Fix crash in resolver on memory allocation failure (swbz#23005)

- Fix signed integer overflow in random_r (swbz#17343)

- RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069)

* Fri May 11 2018 Florian Weimer - 2.27-12

- Unconditionally build downstream with -mstackrealign for now

* Fri May 11 2018 Florian Weimer - 2.27-11

- Inherit compiler flags in the original order

* Fri May 11 2018 Florian Weimer - 2.27-10

- Inherit the -mstackrealign flag if it is set

* Fri May 11 2018 Florian Weimer - 2.27-9

- Use /usr/bin/python3 for benchmarks scripts (#1577223)

[ 1 ] Bug #1452750 - glibc: switch to libidn2

https://bugzilla.redhat.com/show_bug.cgi?id=1452750

[ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1581275

[ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora]

https://bugzilla.redhat.com/show_bug.cgi?id=1570246

su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/

FEDORA-2018-916dfe0d86 2018-05-27 19:30:55.541742 Product : Fedora 28 Version : 2.27 Release : 15.fc28 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246). It also addresses a security vulnerability in the `mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237, RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream patches (RHBZ#1452750(. * Thu May 24 2018 Florian Weimer - 2.27-15 - Rebuild to add back .symtab section in ld.so (#1570246) - Switch to upstream version of libidn2 removal (#1452750) - Auto-sync with upstream branch release/2.27/master, commit 50df56ca86a281c8fd99a8100aac75539813788d: - CVE-2018-11237: Buffer overflow in mempcpy for Xeon Phi (#1581275) * Thu May 17 2018 Florian Weimer - 2.27-14 - Do not run telinit u on upgrades (#1579225) * Tue May 15 2018 Florian Weimer - 2.27-13 - Auto-sync with upstream branch release/2.27/master, commit 0cd4a5e87f6885a2f15fe8e7eb7378d010cdb606: - sunrpc: Remove stray exports (#1577210) - gd_GB: Fix typo in abbreviated "May" (swbz#23152) - realpath: Fix path length overflow (swbz#22786) - elf: Fix stack overflow with huge PT_NOTE segment (swbz#20419) - resolv: Fully initialize struct mmsghdr in send_dg (swbz#23037) - manual: Various fixes to the mbstouwcs example, and mbrtowc update - getlogin_r: return early when linux sentinel value is set - resolv: Fix crash in resolver on memory allocation failure (swbz#23005) - Fix signed integer overflow in random_r (swbz#17343) - RISC-V: fix struct kernel_sigaction to match the kernel version (swbz#23069) * Fri May 11 2018 Florian Weimer - 2.27-12 - Unconditionally build downstream with -mstackrealign for now * Fri May 11 2018 Florian Weimer - 2.27-11 - Inherit compiler flags in the original order * Fri May 11 2018 Florian Weimer - 2.27-10 - Inherit the -mstackrealign flag if it is set * Fri May 11 2018 Florian Weimer - 2.27-9 - Use /usr/bin/python3 for benchmarks scripts (#1577223) [ 1 ] Bug #1452750 - glibc: switch to libidn2 https://bugzilla.redhat.com/show_bug.cgi?id=1452750 [ 2 ] Bug #1581275 - CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1581275 [ 3 ] Bug #1570246 - glibc: When built with file 5.33, valgrind stops working due to RPM ELF processing [Fedora] https://bugzilla.redhat.com/show_bug.cgi?id=1570246 su -c 'dnf upgrade --advisory FEDORA-2018-916dfe0d86' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/