{"affected":[{"ecosystem_specific":{"binaries":[{"glibc":"2.19-40.16.950","glibc-32bit":"2.19-40.16.950","glibc-devel":"2.19-40.16.950","glibc-devel-32bit":"2.19-40.16.950","glibc-html":"2.19-40.16.950","glibc-i18ndata":"2.19-40.16.950","glibc-info":"2.19-40.16.950","glibc-locale":"2.19-40.16.950","glibc-locale-32bit":"2.19-40.16.950","glibc-profile":"2.19-40.16.950","glibc-profile-32bit":"2.19-40.16.950","nscd":"2.19-40.16.950"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-40.16.950"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"glibc":"2.19-40.16.950","glibc-32bit":"2.19-40.16.950","glibc-devel":"2.19-40.16.950","glibc-devel-32bit":"2.19-40.16.950","glibc-html":"2.19-40.16.950","glibc-i18ndata":"2.19-40.16.950","glibc-info":"2.19-40.16.950","glibc-locale":"2.19-40.16.950","glibc-locale-32bit":"2.19-40.16.950","glibc-profile":"2.19-40.16.950","glibc-profile-32bit":"2.19-40.16.950","nscd":"2.19-40.16.950"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1-LTSS","name":"glibc","purl":"pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.19-40.16.950"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for glibc fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580).\n- CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583).\n- CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569).\n- CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161).\n- CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791).\n","id":"SUSE-SU-2018:2185-1","modified":"2018-08-03T13:49:12Z","published":"2018-08-03T13:49:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20182185-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051791"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064569"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064580"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064583"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12132"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15670"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15671"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15804"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11236"}],"related":["CVE-2017-12132","CVE-2017-15670","CVE-2017-15671","CVE-2017-15804","CVE-2018-11236"],"summary":"Security update for glibc","upstream":["CVE-2017-12132","CVE-2017-15670","CVE-2017-15671","CVE-2017-15804","CVE-2018-11236"]}