Oracle Linux: (CVE-2017-1213) ELSA-2018-0805: glibc security, bug fix, and enhancement update

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2018-0805:

[2.17-222] - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119) [2.17-221] - CVE-2018-1000001: Fix realpath() buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418) [2.17-220] - Update HWCAP bits for IBM POWER9 DD2.1 (#1503854) [2.17-219] - Rebuild with newer gcc for aarch64 stack probing fixes (#1500475) [2.17-218] - Improve memcpy performance for POWER9 DD2.1 (#1498925) [2.17-217] - Update Linux system call list to kernel 4.13 (#1508895) [2.17-216] - x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969) [2.17-215] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809) [2.17-214] - Fix check-localplt test failure. - Include ld.so in check-localplt test. (#1440250) [2.17-213] - Fix build warning in locarchive.c (#1349964) [2.17-212] - Hide reference to mktemp in libpthread (#1349962) [2.17-211] - Implement fopencookie hardening (#1372305) [2.17-210] - x86-64: Support __tls_get_addr with an unaligned stack (#1468807) [2.17-209] - Define CLOCK_TAI in(#1448822)[2.17-208]- Compile glibc with -fstack-clash-protection (#1500475)[2.17-207]- aarch64: Avoid invalid relocations in the startup code (#1500908)[2.17-206]- Fix timezone test failures on large parallel builds. (#1234449, #1378329)[2.17-205]- Handle DSOs with no PLT (#1445781)[2.17-204]- libio: Implement vtable verification (#1398413)[2.17-203]- Fix socket system call selection on s390x (#1498566).- Use different construct for protected visibility in IFUNC tests (#1445644)[2.17-202]- Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version- Support an arbitrary number of search domains in the stub resolver (#677316)- Detect and apply /etc/resolv.conf changes in libresolv (#1432085)- CVE-2017-1213: Fragmentation attacks possible when ENDS0 is enabled (#1487063)- CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called with AF_INET, AF_INET6 (#1329674)- CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131)- CVE-2014-9402: denial of service in getnetbyname function (#1497132)- Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034)- Make RES_ROTATE start with a random name server (#1257639)- Stricter IPv6 address parser (#1484034)- Remove noip6dotint support from the stub resolver (#1482988)- Remove partial bitstring label support from the stub resolver- Remove unsupported resolver hook functions from the API- Remove outdated RR type classification macros from the API- hesiod: Always use TLS resolver state- hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records[2.17.201]- Fix hang in nscd cache prune thread (#1435615)[2.17-200]- Add binary timezone test data files (#1234449, #1378329)[2.17.198]- Add support for new IBM z14 (s390x) instructions (#1375235)[2.17-197]- Fix compile warnings in malloc (#1347277)- Fix occasional tst-malloc-usable failures (#1348000)- Additional chunk hardening in malloc (#1447556)- Pointer alignment fix in nss group merge (#1463692)- Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236)