[ALSA-2021:4358] Moderate: glibc security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Arbitrary read in wordexp() (CVE-2021-35942) * glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645) * glibc: mq_notify does not handle separately allocated thread attributes (CVE-2021-33574) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
i686 nss_hesiod-2.28-164.el8.i686.rpm 30b32bdf7554213a9a013b272965022a21ab49e3602c779eefa2b2c1f1cf62d3
i686 glibc-static-2.28-164.el8.i686.rpm 3655b75cd149b5c92d823a86b983c58d550e5555aace2e2b20bc7549f9424e6f
i686 glibc-nss-devel-2.28-164.el8.i686.rpm a33e59791dcaa9bbdfa9a7dd9fd4891ca69964a749fc67ec3482244a5d44c342
x86_64 glibc-utils-2.28-164.el8.x86_64.rpm 0e8cf8f276fdde22fb2a868d4ca151e35ad965a56168fa7e1c5e45236bf2a95f
x86_64 glibc-nss-devel-2.28-164.el8.x86_64.rpm 934864908fa58eef011db44c9868c3dc4cad74ec6527e89bef64fcf585fa3ba1
x86_64 glibc-benchtests-2.28-164.el8.x86_64.rpm 93bbbad41159ef88fa3a030ecea48652905210400e6e49e53750d001938a22df
x86_64 nss_hesiod-2.28-164.el8.x86_64.rpm bb2a52330941aaa106b798d89cf9667eef65e27811cbf8745ba3ed15e4501919
x86_64 compat-libpthread-nonshared-2.28-164.el8.x86_64.rpm be882b8cf6670aa37c083813123840ee78f447efa9cf88b38d2cdcf6f3e0204d
x86_64 glibc-static-2.28-164.el8.x86_64.rpm fe0a384700760f839d2f405e94d4c23f38835ae72a8c9872a7b3d37d24f92960
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.