Red Hat Product Errata RHSA-2021:3315 - Security Advisory
Issued:
2021-08-31
Updated:
2021-08-31

RHSA-2021:3315 - Security Advisory

Synopsis

Moderate: glibc security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for glibc is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)
  • glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • glibc: Adjust to rpm's find-debuginfo.sh changes, to keep stripping binaries (BZ#1982317)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64

Fixes

  • BZ - 1810670 - CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
  • BZ - 1905213 - CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
  • BZ - 1982317 - glibc: Adjust to rpm's find-debuginfo.sh changes, to keep stripping binaries [rhel-7.7] [rhel-7.6.0.z]

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
glibc-2.17-260.el7_6.9.src.rpm SHA-256: eab10ef5893aa00f96600c4c83f03b8b6612ed8c0b2ec23eacc4a83394ff0f64
x86_64
glibc-2.17-260.el7_6.9.i686.rpm SHA-256: abd7a6b40bc1f745b6403b2b97856a852df6ae475829c50cba6bc10aaaf84290
glibc-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0243f1c51e6eaee65f82f70b8a0749b788a16120afab0ca066e17e29ba7b56b9
glibc-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: a1a9460c0a0d6fc9ad1d7367794f8c99e137cbcc5642725001dd960ead7937f7
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-devel-2.17-260.el7_6.9.i686.rpm SHA-256: 6602add36e8b35167fad2b458971d2ee7c4f92c6f14b10d03dadcd270425d14f
glibc-devel-2.17-260.el7_6.9.x86_64.rpm SHA-256: 732eb52aae2df2819a4835903c941b19b9e4d241ceff4bb97c71cbc82c5c012c
glibc-headers-2.17-260.el7_6.9.x86_64.rpm SHA-256: c0e65c8c8315e5f3b7d1c8363da8c780d070fbced86a25be895a3ba1153d02f7
glibc-static-2.17-260.el7_6.9.i686.rpm SHA-256: c81c92b35408a8992865063d0b7bd371e94e4504d0dd1f10386255f067c1dc0b
glibc-static-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0d41cb2d2ae46a5bd72041f48266472cb2ef71be4303c5da95b80a193c4439d1
glibc-utils-2.17-260.el7_6.9.x86_64.rpm SHA-256: 3348cbfc0553ad643ff90ed8996192295426de367a2e1faa9d041bb3fcf37a06
nscd-2.17-260.el7_6.9.x86_64.rpm SHA-256: 4d39906ec2718fb6f3bfccf3cf17e1ea19a02a8bdb3731816a12b28b41078280

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
glibc-2.17-260.el7_6.9.src.rpm SHA-256: eab10ef5893aa00f96600c4c83f03b8b6612ed8c0b2ec23eacc4a83394ff0f64
x86_64
glibc-2.17-260.el7_6.9.i686.rpm SHA-256: abd7a6b40bc1f745b6403b2b97856a852df6ae475829c50cba6bc10aaaf84290
glibc-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0243f1c51e6eaee65f82f70b8a0749b788a16120afab0ca066e17e29ba7b56b9
glibc-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: a1a9460c0a0d6fc9ad1d7367794f8c99e137cbcc5642725001dd960ead7937f7
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-devel-2.17-260.el7_6.9.i686.rpm SHA-256: 6602add36e8b35167fad2b458971d2ee7c4f92c6f14b10d03dadcd270425d14f
glibc-devel-2.17-260.el7_6.9.x86_64.rpm SHA-256: 732eb52aae2df2819a4835903c941b19b9e4d241ceff4bb97c71cbc82c5c012c
glibc-headers-2.17-260.el7_6.9.x86_64.rpm SHA-256: c0e65c8c8315e5f3b7d1c8363da8c780d070fbced86a25be895a3ba1153d02f7
glibc-static-2.17-260.el7_6.9.i686.rpm SHA-256: c81c92b35408a8992865063d0b7bd371e94e4504d0dd1f10386255f067c1dc0b
glibc-static-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0d41cb2d2ae46a5bd72041f48266472cb2ef71be4303c5da95b80a193c4439d1
glibc-utils-2.17-260.el7_6.9.x86_64.rpm SHA-256: 3348cbfc0553ad643ff90ed8996192295426de367a2e1faa9d041bb3fcf37a06
nscd-2.17-260.el7_6.9.x86_64.rpm SHA-256: 4d39906ec2718fb6f3bfccf3cf17e1ea19a02a8bdb3731816a12b28b41078280

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
glibc-2.17-260.el7_6.9.src.rpm SHA-256: eab10ef5893aa00f96600c4c83f03b8b6612ed8c0b2ec23eacc4a83394ff0f64
ppc64le
glibc-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 7c61e18572c8f992a2d0bbb77fe5cedce1bd806eee5146db6292bf9d7adb0a3f
glibc-common-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 054c76919c6bf27f762c2554227f99122d657757439c16551afe96049353e486
glibc-debuginfo-2.17-260.el7_6.9.ppc64le.rpm SHA-256: bf3f117ca957ae1c9001f6c919bf8e1278b9be8ed0cea7a1fae2d921c35ce1e2
glibc-debuginfo-2.17-260.el7_6.9.ppc64le.rpm SHA-256: bf3f117ca957ae1c9001f6c919bf8e1278b9be8ed0cea7a1fae2d921c35ce1e2
glibc-debuginfo-common-2.17-260.el7_6.9.ppc64le.rpm SHA-256: d63ffe92c5357e090686107dccf23086cf1cff9b1c5e94657cdd44554374bec8
glibc-debuginfo-common-2.17-260.el7_6.9.ppc64le.rpm SHA-256: d63ffe92c5357e090686107dccf23086cf1cff9b1c5e94657cdd44554374bec8
glibc-devel-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 1b35b0a91e2075c6a4eaa394dc0c944e90d3c332ff39714bd716845d6cc98c7d
glibc-headers-2.17-260.el7_6.9.ppc64le.rpm SHA-256: a512181d563866ca0649275447ef7abad231238fd3d2f95af42080907d900a26
glibc-static-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 76582d499bf2afc1d164d10f8f78daa981ba6cc47cee8712ab55c87ff6305a37
glibc-utils-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 7db7d7489a9104ae50eafff5f3a507d4c91227117019d9a1eee532cddabbd82d
nscd-2.17-260.el7_6.9.ppc64le.rpm SHA-256: 7ba76581334321ee6bd6743cf3c848ce5bf96df95e1efa2c360604270932a377

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
glibc-2.17-260.el7_6.9.src.rpm SHA-256: eab10ef5893aa00f96600c4c83f03b8b6612ed8c0b2ec23eacc4a83394ff0f64
x86_64
glibc-2.17-260.el7_6.9.i686.rpm SHA-256: abd7a6b40bc1f745b6403b2b97856a852df6ae475829c50cba6bc10aaaf84290
glibc-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0243f1c51e6eaee65f82f70b8a0749b788a16120afab0ca066e17e29ba7b56b9
glibc-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: a1a9460c0a0d6fc9ad1d7367794f8c99e137cbcc5642725001dd960ead7937f7
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.i686.rpm SHA-256: 7d0efdb3d8b5b4c03272908cd53c211ffc067e5ca19ef0d19aaa1ce02f22ae85
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-2.17-260.el7_6.9.x86_64.rpm SHA-256: d57ac085df36f633f6b82ecf1c2363127663b9b419266609340d465493bc2693
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.i686.rpm SHA-256: 0f1a8b14a1346b631d564d8c9bd7326e324abee615b88aeff5d695a4584c3e39
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-debuginfo-common-2.17-260.el7_6.9.x86_64.rpm SHA-256: 19326b83d94cbd36f2c5ebd53048b9610fc19bba45b81afa934ef3fc5a77684f
glibc-devel-2.17-260.el7_6.9.i686.rpm SHA-256: 6602add36e8b35167fad2b458971d2ee7c4f92c6f14b10d03dadcd270425d14f
glibc-devel-2.17-260.el7_6.9.x86_64.rpm SHA-256: 732eb52aae2df2819a4835903c941b19b9e4d241ceff4bb97c71cbc82c5c012c
glibc-headers-2.17-260.el7_6.9.x86_64.rpm SHA-256: c0e65c8c8315e5f3b7d1c8363da8c780d070fbced86a25be895a3ba1153d02f7
glibc-static-2.17-260.el7_6.9.i686.rpm SHA-256: c81c92b35408a8992865063d0b7bd371e94e4504d0dd1f10386255f067c1dc0b
glibc-static-2.17-260.el7_6.9.x86_64.rpm SHA-256: 0d41cb2d2ae46a5bd72041f48266472cb2ef71be4303c5da95b80a193c4439d1
glibc-utils-2.17-260.el7_6.9.x86_64.rpm SHA-256: 3348cbfc0553ad643ff90ed8996192295426de367a2e1faa9d041bb3fcf37a06
nscd-2.17-260.el7_6.9.x86_64.rpm SHA-256: 4d39906ec2718fb6f3bfccf3cf17e1ea19a02a8bdb3731816a12b28b41078280

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.