ASA-201801-19 generated external raw

[ASA-201801-19] lib32-glibc: privilege escalation
Arch Linux Security Advisory ASA-201801-19 ========================================== Severity: High Date : 2018-01-28 CVE-ID : CVE-2018-1000001 Package : lib32-glibc Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-590 Summary ======= The package lib32-glibc before version 2.26-11 is vulnerable to privilege escalation. Resolution ========== Upgrade to 2.26-11. # pacman -Syu "lib32-glibc>=2.26-11" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not starting with '/') which may allow privilege escalation under certain conditions. Impact ====== A local attacker is able to escalate privileges on the affected host. References ========== http://www.openwall.com/lists/oss-security/2018/01/11/5 https://sourceware.org/bugzilla/show_bug.cgi?id=22679 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 https://security.archlinux.org/CVE-2018-1000001