2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Updated glibc packages fixes the following security issue: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program (CVE-2019-19126). Other upstream fixes in this update: - Call dl_open_check after relocation [BZ #24259] - support: Export bindir path on support_path - nss_db: fix endent wrt NULL mappings [BZ #24695] [BZ #24696] - elf: Refuse to dlopen PIE objects [BZ #24323] - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP [BZ #23403] - Fix assertion in malloc.c:tcache_get - Small tcache improvements - malloc: Remove unwanted leading whitespace in malloc_info [BZ #24867] - malloc: Fix missing accounting of top chunk in malloc_info [BZ #24026] - Add glibc.malloc.mxfast tunable - malloc: Various cleanups for malloc/tst-mxfast - Base max_fast on alignment, not width, of bins [BZ #24903] - Linux: Use in-tree copy of SO constants for !__USE_MISC [BZ #24532]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | glibc | < 2.29-19 | glibc-2.29-19.mga7 |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%