ASA-201801-19 generated external raw

[ASA-201801-19] lib32-glibc: privilege escalation
Arch Linux Security Advisory ASA-201801-19 ========================================== Severity: High Date : 2018-01-28 CVE-ID : CVE-2018-1000001 Package : lib32-glibc Type : privilege escalation Remote : No Link : Summary ======= The package lib32-glibc before version 2.26-11 is vulnerable to privilege escalation. Resolution ========== Upgrade to 2.26-11. # pacman -Syu "lib32-glibc>=2.26-11" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== A buffer underflow vulnerability has been discovered in the realpath() function in glibc 2.26 when getcwd() returns a relative or unreachable path (i.e. not starting with '/') which may allow privilege escalation under certain conditions. Impact ====== A local attacker is able to escalate privileges on the affected host. References ==========;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94