Summary: | <sys-libs/glibc-2.31-r6: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexander, herrtimson, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=25620 | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 727758 | ||
Bug Blocks: |
Description
Sam James
2020-04-11 11:42:58 UTC
this got fixed upstream by these two commits: https://sourceware.org/git/?p=glibc.git;a=patch;h=eec0f4218cda936a6ab8f543e90b96b196df3fc2 https://sourceware.org/git/?p=glibc.git;a=patch;h=eca1b233322914d9013f3ee4aabecaadc9245abd found via https://sourceware.org/bugzilla/show_bug.cgi?id=25620#c25 they apply to glibc-2.30-r8 , but I could imagine glibc-2.31-r3 being the better place to backport this since 2.30 is already stable (In reply to tt_1 from comment #1) > this got fixed upstream by these two commits: These commits only added tests. The vulnerability was really fixed only recently: https://sourceware.org/bugzilla/show_bug.cgi?id=25620#c27 this got fixed in glibc-2.31 patchset8: sys-libs/glibc: 2.31 bump to patchset 8, finally stable candidate * arm: fix for CVE-2020-6096 * en_US: minimize changes to date_fmt (backport from 2.32) * x86-64: fix avx2 strncmp offset compare condition check * ia64: fix miscompilation on gcc-10 Thanks both. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25382c826776a6af264da6af0153022bc30487ff commit 25382c826776a6af264da6af0153022bc30487ff Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2020-10-30 19:27:56 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2020-10-30 19:29:02 +0000 package.mask: extend glibc mask to <2.31-r6 Bug: https://bugs.gentoo.org/717058 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) All masked. Security please proceed. No cleanup. This issue was resolved and addressed in GLSA 202101-20 at https://security.gentoo.org/glsa/202101-20 by GLSA coordinator Aaron Bauman (b-man). |