This update for glibc provides fixes for security and non-security issues.
These security issues have been fixed:
- CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c. (bsc#927080) - CVE-2013-2207: pt_chown did not properly check permissions for tty files, which allowed local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (bsc#830257) - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not properly check if a file is open, which allowed remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. (bsc#918187) - Fix read past end of pattern in fnmatch. (bsc#920338)
These non-security issues have been fixed:
- Fix locking in _IO_flush_all_lockp() to prevent deadlocks in applications. (bsc#851280) - Record TTL also for DNS PTR queries. (bsc#928723) - Fix invalid free in ld.so. (bsc#932059) - Make PowerPC64 default to non-executable stack. (bsc#933770) - Fix floating point exceptions in some circumstances with exp() and friends. (bsc#933903) - Fix bad TEXTREL in glibc.i686. (bsc#935286)
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8