pepelyaevip/vuln-list-update
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
f022b19a87
vuln-list-update/suse/cvrf/testdata/cvrf-opensuse-su-2018-1633-1.xml
rahul2393 a62fe1fcc1
Refactored based on operating system (#81)
2021-04-23 11:21:27 +03:00

231 lines
16 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">Security update for glibc</DocumentTitle>
<DocumentType>SUSE Patch</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>security@suse.de</ContactDetails>
<IssuingAuthority>SUSE Security Team</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openSUSE-SU-2018:1633-1</ID>
</Identification>
<Status>Final</Status>
<Version>1</Version>
<RevisionHistory>
<Revision>
<Number>1</Number>
<Date>2018-06-09T08:29:23Z</Date>
<Description>current</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2018-06-09T08:29:23Z</InitialReleaseDate>
<CurrentReleaseDate>2018-06-09T08:29:23Z</CurrentReleaseDate>
<Generator>
<Engine>cve-database/bin/generate-cvrf.pl</Engine>
<Date>2017-02-24T01:00:00Z</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Security update for glibc</Note>
<Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This update for glibc fixes the following issues:
This security issue was fixed:
- Fixed an buffer overwrite issue in memcpy for Knights Landing CPUs
(boo#1092877, CVE-2018-11237)
</Note>
<Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).</Note>
</DocumentNotes>
<DocumentDistribution xml:lang="en">Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0)</DocumentDistribution>
<DocumentReferences>
<Reference Type="Self">
<URL>http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00022.html</URL>
<Description>E-Mail link for openSUSE-SU-2018:1633-1</Description>
</Reference>
<Reference Type="Self">
<URL>https://www.suse.com/support/security/rating/</URL>
<Description>SUSE Security Ratings</Description>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Family" Name="openSUSE Leap 15.0">
<Branch Type="Product Name" Name="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0">openSUSE Leap 15.0</FullProductName>
</Branch>
</Branch>
<Branch Type="Product Version" Name="glibc-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-2.26-lp150.11.3.2">glibc-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-32bit-2.26-lp150.11.3.2">glibc-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-devel-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-devel-2.26-lp150.11.3.2">glibc-devel-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-devel-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-devel-32bit-2.26-lp150.11.3.2">glibc-devel-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-devel-static-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-devel-static-2.26-lp150.11.3.2">glibc-devel-static-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-devel-static-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-devel-static-32bit-2.26-lp150.11.3.2">glibc-devel-static-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-extra-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-extra-2.26-lp150.11.3.2">glibc-extra-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-html-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-html-2.26-lp150.11.3.2">glibc-html-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-i18ndata-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-i18ndata-2.26-lp150.11.3.2">glibc-i18ndata-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-info-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-info-2.26-lp150.11.3.2">glibc-info-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-locale-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-locale-2.26-lp150.11.3.2">glibc-locale-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-locale-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-locale-32bit-2.26-lp150.11.3.2">glibc-locale-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-profile-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-profile-2.26-lp150.11.3.2">glibc-profile-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-profile-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-profile-32bit-2.26-lp150.11.3.2">glibc-profile-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-testsuite-src-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-testsuite-src-2.26-lp150.11.3.2">glibc-testsuite-src-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-utils-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-utils-2.26-lp150.11.3.2">glibc-utils-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-utils-32bit-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-utils-32bit-2.26-lp150.11.3.2">glibc-utils-32bit-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="glibc-utils-src-2.26-lp150.11.3.2">
<FullProductName ProductID="glibc-utils-src-2.26-lp150.11.3.2">glibc-utils-src-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Branch Type="Product Version" Name="nscd-2.26-lp150.11.3.2">
<FullProductName ProductID="nscd-2.26-lp150.11.3.2">nscd-2.26-lp150.11.3.2</FullProductName>
</Branch>
<Relationship ProductReference="glibc-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-2.26-lp150.11.3.2">glibc-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-32bit-2.26-lp150.11.3.2">glibc-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-devel-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-devel-2.26-lp150.11.3.2">glibc-devel-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-devel-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-devel-32bit-2.26-lp150.11.3.2">glibc-devel-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-devel-static-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-devel-static-2.26-lp150.11.3.2">glibc-devel-static-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-devel-static-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-devel-static-32bit-2.26-lp150.11.3.2">glibc-devel-static-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-extra-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-extra-2.26-lp150.11.3.2">glibc-extra-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-html-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-html-2.26-lp150.11.3.2">glibc-html-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-i18ndata-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-i18ndata-2.26-lp150.11.3.2">glibc-i18ndata-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-info-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-info-2.26-lp150.11.3.2">glibc-info-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-locale-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-locale-2.26-lp150.11.3.2">glibc-locale-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-locale-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-locale-32bit-2.26-lp150.11.3.2">glibc-locale-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-profile-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-profile-2.26-lp150.11.3.2">glibc-profile-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-profile-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-profile-32bit-2.26-lp150.11.3.2">glibc-profile-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-testsuite-src-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-testsuite-src-2.26-lp150.11.3.2">glibc-testsuite-src-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-utils-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-utils-2.26-lp150.11.3.2">glibc-utils-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-utils-32bit-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-utils-32bit-2.26-lp150.11.3.2">glibc-utils-32bit-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="glibc-utils-src-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:glibc-utils-src-2.26-lp150.11.3.2">glibc-utils-src-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
<Relationship ProductReference="nscd-2.26-lp150.11.3.2" RelationType="Default Component Of" RelatesToProductReference="openSUSE Leap 15.0">
<FullProductName ProductID="openSUSE Leap 15.0:nscd-2.26-lp150.11.3.2">nscd-2.26-lp150.11.3.2 as a component of openSUSE Leap 15.0</FullProductName>
</Relationship>
</ProductTree>
<Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.</Note>
</Notes>
<CVE>CVE-2018-11237</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openSUSE Leap 15.0:glibc-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-devel-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-devel-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-devel-static-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-devel-static-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-extra-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-html-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-i18ndata-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-info-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-locale-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-locale-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-profile-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-profile-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-testsuite-src-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-utils-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-utils-32bit-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:glibc-utils-src-2.26-lp150.11.3.2</ProductID>
<ProductID>openSUSE Leap 15.0:nscd-2.26-lp150.11.3.2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>moderate</Description>
</Threat>
</Threats>
<Remediations>
<Remediation Type="Vendor Fix">
<Description xml:lang="en">Please Install the update.</Description>
<URL>http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00022.html</URL>
</Remediation>
</Remediations>
<References>
<Reference>
<URL>https://www.suse.com/security/cve/CVE-2018-11237.html</URL>
<Description>CVE-2018-11237</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1092877</URL>
<Description>SUSE Bug 1092877</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1094154</URL>
<Description>SUSE Bug 1094154</Description>
</Reference>
<Reference>
<URL>https://bugzilla.suse.com/1118435</URL>
<Description>SUSE Bug 1118435</Description>
</Reference>
</References>
</Vulnerability>
</cvrfdoc>
View Git Blame Copy Permalink