[ALSA-2022:0896] Moderate: glibc security update
Type:
security
Severity:
moderate
Release date:
2022-03-16
Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999) * glibc: Stack-based buffer overflow in svcunix_create via long pathnames (CVE-2022-23218) * glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname (CVE-2022-23219) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
i686 glibc-static-2.28-164.el8_5.3.i686.rpm 32c392ffccac880d69a75d039434a2c10d011d1dc3bad1c38d9e5860977f4925
i686 nss_hesiod-2.28-164.el8_5.3.i686.rpm 46887f8c5e5987df3b26310d502f17f6ee63d791f775a0a355c74ef975d31e9d
i686 glibc-nss-devel-2.28-164.el8_5.3.i686.rpm eb33c99f4734edd44b57942cb93c92d8407626cd83ca9434f1986c4cf855b592
x86_64 glibc-nss-devel-2.28-164.el8_5.3.x86_64.rpm 8076cf9d4aa2f5736e65b26e27991ecd6f1b377d161a0a7ce10f70ef10cfcb5f
x86_64 nss_hesiod-2.28-164.el8_5.3.x86_64.rpm 946315a7e1c9f3d3e100e8d9cc059ea6b55707e4b3941e1c406d9e1d8f8aefa0
x86_64 glibc-utils-2.28-164.el8_5.3.x86_64.rpm a3d9b563e5937771f9b8ce018f1330619cb7166e5a4607a6a6b294fd84328086
x86_64 glibc-benchtests-2.28-164.el8_5.3.x86_64.rpm ce85595a01c12606157fb56953e9a935613011785a6ada4464e2cd433868e3cc
x86_64 glibc-static-2.28-164.el8_5.3.x86_64.rpm dc37bd89460884d72d7c95a05ff15b6aae68f2b07d6eaa60ae1eee4cfc105862
x86_64 compat-libpthread-nonshared-2.28-164.el8_5.3.x86_64.rpm fd412866b6fcba8c87be7cfb6ff7c016a719b238985b96d9380d6efbe78f6b9f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.