PublicDateAtUSN: 2017-12-13
Candidate: CVE-2017-1000408
PublicDate: 2018-02-01 04:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000408
 http://www.openwall.com/lists/oss-security/2017/12/11/4
 https://ubuntu.com/security/notices/USN-3534-1
Description:
 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and
 amplified through the LD_HWCAP_MASK environment variable. Please note that
 many versions of glibc are not vulnerable to this issue if patched for
 CVE-2017-1000366.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884132
 https://sourceware.org/bugzilla/show_bug.cgi?id=22606
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_eglibc:
upstream_eglibc: needs-triage
precise/esm_eglibc: ignored (end of ESM support, was needed)
trusty_eglibc: released (2.19-0ubuntu6.14)
trusty/esm_eglibc: released (2.19-0ubuntu6.14)
xenial_eglibc: DNE
zesty_eglibc: DNE
artful_eglibc: DNE
bionic_eglibc: DNE
cosmic_eglibc: DNE
disco_eglibc: DNE
eoan_eglibc: DNE
focal_eglibc: DNE
groovy_eglibc: DNE
hirsute_eglibc: DNE
devel_eglibc: DNE

Patches_glibc:
 upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=8a0b17e48b83e933960dfeb8fa08b259f03f310e
upstream_glibc: released (2.27)
precise/esm_glibc: DNE
trusty_glibc: DNE
trusty/esm_glibc: DNE
xenial_glibc: released (2.23-0ubuntu10)
esm-infra/xenial_glibc: released (2.23-0ubuntu10)
zesty_glibc: ignored (reached end-of-life)
artful_glibc: released (2.26-0ubuntu2.1)
bionic_glibc: not-affected (2.27-3ubuntu1)
cosmic_glibc: not-affected (2.27-3ubuntu1)
disco_glibc: not-affected (2.27-3ubuntu1)
eoan_glibc: not-affected (2.27-3ubuntu1)
focal_glibc: not-affected (2.27-3ubuntu1)
groovy_glibc: not-affected (2.27-3ubuntu1)
hirsute_glibc: not-affected (2.27-3ubuntu1)
devel_glibc: not-affected (2.27-3ubuntu1)