Security update for glibc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1633-1 Final 1 1 2018-06-09T08:29:23Z current 2018-06-09T08:29:23Z 2018-06-09T08:29:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: This security issue was fixed: - Fixed an buffer overwrite issue in memcpy for Knights Landing CPUs (boo#1092877, CVE-2018-11237) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00022.html E-Mail link for openSUSE-SU-2018:1633-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 glibc-2.26-lp150.11.3.2 glibc-32bit-2.26-lp150.11.3.2 glibc-devel-2.26-lp150.11.3.2 glibc-devel-32bit-2.26-lp150.11.3.2 glibc-devel-static-2.26-lp150.11.3.2 glibc-devel-static-32bit-2.26-lp150.11.3.2 glibc-extra-2.26-lp150.11.3.2 glibc-html-2.26-lp150.11.3.2 glibc-i18ndata-2.26-lp150.11.3.2 glibc-info-2.26-lp150.11.3.2 glibc-locale-2.26-lp150.11.3.2 glibc-locale-32bit-2.26-lp150.11.3.2 glibc-profile-2.26-lp150.11.3.2 glibc-profile-32bit-2.26-lp150.11.3.2 glibc-testsuite-src-2.26-lp150.11.3.2 glibc-utils-2.26-lp150.11.3.2 glibc-utils-32bit-2.26-lp150.11.3.2 glibc-utils-src-2.26-lp150.11.3.2 nscd-2.26-lp150.11.3.2 glibc-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-devel-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-devel-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-devel-static-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-devel-static-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-extra-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-html-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-i18ndata-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-info-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-locale-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-locale-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-profile-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-profile-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-testsuite-src-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-utils-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-utils-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 glibc-utils-src-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 nscd-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. CVE-2018-11237 openSUSE Leap 15.0:glibc-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-devel-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-devel-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-devel-static-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-devel-static-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-extra-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-html-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-i18ndata-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-info-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-locale-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-locale-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-profile-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-profile-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-testsuite-src-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-utils-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-utils-32bit-2.26-lp150.11.3.2 openSUSE Leap 15.0:glibc-utils-src-2.26-lp150.11.3.2 openSUSE Leap 15.0:nscd-2.26-lp150.11.3.2 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00022.html https://www.suse.com/security/cve/CVE-2018-11237.html CVE-2018-11237 https://bugzilla.suse.com/1092877 SUSE Bug 1092877 https://bugzilla.suse.com/1094154 SUSE Bug 1094154 https://bugzilla.suse.com/1118435 SUSE Bug 1118435