Bug 25756 - Update request: glibc-2.29-19.mga7
Summary: Update request: glibc-2.29-19.mga7
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-32-OK, MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-11-26 18:01 CET by Thomas Backlund
Modified: 2019-11-30 14:07 CET (History)
2 users (show)

See Also:
Source RPM: glibc
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Thomas Backlund 2019-11-26 18:01:51 CET 
Updated glibc packages fixes the following security issue:

  On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31
  fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable
  during program execution after a security transition, allowing local
  attackers to restrict the possible mapping addresses for loaded
  libraries and thus bypass ASLR for a setuid program (CVE-2019-19126).

  Other upstream fixes in this update:
  - Call _dl_open_check after relocation [BZ #24259]
  - support: Export bindir path on support_path
  - nss_db: fix endent wrt NULL mappings [BZ #24695] [BZ #24696]
  - elf: Refuse to dlopen PIE objects [BZ #24323]
  - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP [BZ #23403]
  - Fix assertion in malloc.c:tcache_get
  - Small tcache improvements
  - malloc: Remove unwanted leading whitespace in malloc_info [BZ #24867]
  - malloc: Fix missing accounting of top chunk in malloc_info [BZ #24026]
  - Add glibc.malloc.mxfast tunable
  - malloc: Various cleanups for malloc/tst-mxfast
  - Base max_fast on alignment, not width, of bins [BZ #24903]
  - Linux: Use in-tree copy of SO_ constants for !__USE_MISC [BZ #24532]


SRPM:
glibc-2.29-19.mga7.src.rpm

i586:
glibc-2.29-19.mga7.i586.rpm
glibc-devel-2.29-19.mga7.i586.rpm
glibc-doc-2.29-19.mga7.noarch.rpm
glibc-i18ndata-2.29-19.mga7.i586.rpm
glibc-profile-2.29-19.mga7.i586.rpm
glibc-static-devel-2.29-19.mga7.i586.rpm
glibc-utils-2.29-19.mga7.i586.rpm
nscd-2.29-19.mga7.i586.rpm

x86_64:
glibc-2.29-19.mga7.x86_64.rpm
glibc-devel-2.29-19.mga7.x86_64.rpm
glibc-doc-2.29-19.mga7.noarch.rpm
glibc-i18ndata-2.29-19.mga7.x86_64.rpm
glibc-profile-2.29-19.mga7.x86_64.rpm
glibc-static-devel-2.29-19.mga7.x86_64.rpm
glibc-utils-2.29-19.mga7.x86_64.rpm
nscd-2.29-19.mga7.x86_64.rpm
Comment 1 Thomas Andrews 2019-11-26 21:03:38 CET 
Dell Inspiron 5100, 32-bit P4, 2GB RAM, Radeon RV200 graphics, atheros wifi, 32-bit Xvce system.

Updated glibc as a priority update, then got nscd. Both packages installed cleanly. After rebooting, no issues noted.

Good on this hardware.

CC: (none) => andrewsfarm

Comment 2 Thomas Andrews 2019-11-27 03:41:10 CET 
Athlon X2 7750, 8GB RAM, Geforce 210 video, Atheros wifi, 64-bit Plasma system.

Also i5 2500, 16GB Ram, Intel graphics, wired Internet, 64-bit Plasma system.

Both systems updated the glibc and glibc-devel packages. All packajes installed cleanly. After reboot and using the systems for an hour, no issues noted.

Calling this OK for both arches, and validating. Advisory information in Comment 0.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-32-OK, MGA7-64-OK

Thomas Backlund 2019-11-30 12:48:27 CET

Keywords: (none) => advisory

Comment 3 Mageia Robot 2019-11-30 14:07:59 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0349.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.