Bugzilla – Bug 1064580
VUL-0: CVE-2017-15804: glibc: buffer overflow during unescaping of user names in the glob function in glob.c
Last modified: 2024-05-13 14:33:23 UTC
CVE-2017-15804 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15804 http://www.cvedetails.com/cve/CVE-2017-15804/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804 https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 https://sourceware.org/bugzilla/show_bug.cgi?id=22332
Created attachment 745411 [details] QA Reproducer The reproducer was not working for me. We are missing the advanced sanitization functions in gcc.
This is an autogenerated message for OBS integration: This bug (1064580) was mentioned in https://build.opensuse.org/request/show/535961 Factory / glibc
SUSE-SU-2018:0074-1: An update that solves 7 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293 CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Server 12-SP3 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Server 12-SP2 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Desktop 12-SP3 (src): glibc-2.22-62.3.4 SUSE Linux Enterprise Desktop 12-SP2 (src): glibc-2.22-62.3.4 SUSE CaaS Platform ALL (src): glibc-2.22-62.3.4 OpenStack Cloud Magnum Orchestration 7 (src): glibc-2.22-62.3.4
openSUSE-SU-2018:0089-1: An update that solves 7 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1051042,1053188,1063675,1064569,1064580,1064583,1070905,1071319,1073231,1074293 CVE References: CVE-2017-1000408,CVE-2017-1000409,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2017-16997,CVE-2018-1000001 Sources used: openSUSE Leap 42.3 (src): glibc-2.22-10.1, glibc-testsuite-2.22-10.1, glibc-utils-2.22-10.1 openSUSE Leap 42.2 (src): glibc-2.22-4.12.1, glibc-testsuite-2.22-4.12.1, glibc-utils-2.22-4.12.1
SUSE-SU-2018:2185-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1051791,1064569,1064580,1064583,1094161 CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-11236 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): glibc-2.19-40.16.950 SUSE Linux Enterprise Server 12-SP1-LTSS (src): glibc-2.19-40.16.950
SUSE-SU-2018:2187-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1051791,1064569,1064580,1064583,1074293,1094161 CVE References: CVE-2017-12132,CVE-2017-15670,CVE-2017-15671,CVE-2017-15804,CVE-2018-1000001,CVE-2018-11236 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): glibc-2.19-22.27.958
SUSE-SU-2018:2883-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1058774,1064580,1064583,941234 CVE References: CVE-2015-5180,CVE-2017-15670,CVE-2017-15804 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): glibc-2.11.3-17.110.19.2 SUSE Linux Enterprise Server 11-SP4 (src): glibc-2.11.3-17.110.19.2 SUSE Linux Enterprise Server 11-SP3-LTSS (src): glibc-2.11.3-17.110.19.2 SUSE Linux Enterprise Point of Sale 11-SP3 (src): glibc-2.11.3-17.110.19.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): glibc-2.11.3-17.110.19.2 SUSE Linux Enterprise Debuginfo 11-SP3 (src): glibc-2.11.3-17.110.19.2
done