Bug 930177 (CVE-2024-2961, GLIBC-SA-2024-0004) - <sys-libs/glibc-{2.38-r12, 2.39-r3}: Out-of-bound writes when writing escape sequence in iconv (ISO-2022-CN-EXT)
Status: RESOLVED FIXED
Alias: CVE-2024-2961, GLIBC-SA-2024-0004
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://openwall.com/lists/oss-securi...
Whiteboard: B2 [glsa+]
Keywords:
Duplicates: 931308
Depends on: 930274 930703
Reported: 2024-04-17 22:51 UTC by Sam James
Modified: 2024-08-15 06:26 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-04-17 22:51:39 UTC
"""
The following security advisories have been published:

GLIBC-SA-2024-0004:
===================
ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to
crash an application or overwrite a neighbouring variable.

ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922).  While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation has them,
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

CVE-Id: CVE-2024-2961
Public-Date: 2024-04-17
Vulnerable-Commit: 755104edc75c53f4a0e7440334e944ad3c6b32fc (2.1.93-169)
Fix-Commit: f9dc609e06b1136bb0408be9605ce7973a767ada (2.40)
Fix-Commit: 31da30f23cddd36db29d5b6a1c7619361b271fb4 (2.39-31)
Fix-Commit: e1135387deded5d73924f6ca20c72a35dc8e1bda (2.38-66)
Fix-Commit: 89ce64b269a897a7780e4c73a7412016381c6ecf (2.37-89)
Fix-Commit: 4ed98540a7fd19f458287e783ae59c41e64df7b5 (2.36-164)
Fix-Commit: 36280d1ce5e245aabefb877fe4d3c6cff95dabfa (2.35-315)
Fix-Commit: a8b0561db4b9847ebfbfec20075697d5492a363c (2.34-459)
Fix-Commit: ed4f16ff6bed3037266f1fa682ebd32a18fce29c (2.33-263)
Fix-Commit: 682ad4c8623e611a971839990ceef00346289cc9 (2.32-140)

Reported-By: Charles Fol

Notes:
======

Published advisories are available directly in the project git repository:
https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
"""
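
The missing check described in the advisory, as an added example that is not glibc's code and not part of the original report: a simplified model of writing one designation escape sequence with and without a bounds check, counting how many bytes land past the caller's logical buffer end. The function names are hypothetical, and the leading ESC byte (0x1b) in front of the three fixed bytes is taken from RFC 1922, not from this page; the model writes into oversized backing storage so it never actually leaves its array.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define ESC 0x1b
#define SEQ_LEN 4   /* ESC plus the three fixed bytes, e.g. "$+I" */

/* Model of the unchecked SS2/SS3 path: always writes SEQ_LEN bytes.
   Callers here pass oversized backing storage, so the model stays in bounds. */
static unsigned char *emit_unchecked(unsigned char *out, const char *tail)
{
    *out++ = ESC;
    memcpy(out, tail, SEQ_LEN - 1);
    return out + (SEQ_LEN - 1);
}

/* Checked form: returns 1 (output full) unless SEQ_LEN bytes remain, else 0. */
static int emit_checked(unsigned char **out, const unsigned char *outend, const char *tail)
{
    if ((size_t)(outend - *out) < SEQ_LEN)
        return 1;
    *out = emit_unchecked(*out, tail);
    return 0;
}

/* Bytes written past the logical end when `room` (0..SEQ_LEN) bytes remain. */
size_t spill_unchecked(size_t room)
{
    unsigned char backing[2 * SEQ_LEN] = {0};
    unsigned char *end = emit_unchecked(backing, "$+I");
    return (size_t)(end - backing) > room ? (size_t)(end - backing) - room : 0;
}

/* Same call through the checked path; a refused write leaves the buffer untouched. */
size_t spill_checked(size_t room)
{
    unsigned char backing[2 * SEQ_LEN] = {0};
    unsigned char *out = backing;
    if (emit_checked(&out, backing + room, "$+I") != 0)
        return backing[0] == 0 ? 0 : SEQ_LEN;   /* refused: nothing written */
    return (size_t)(out - backing) > room ? (size_t)(out - backing) - room : 0;
}

int main(void)
{
    for (size_t room = 0; room <= SEQ_LEN; room++)
        printf("room=%zu unchecked=%zu checked=%zu\n", room,
               spill_unchecked(room), spill_checked(room));
    return 0;
}
```

In this model the checked path reports a full output buffer instead of writing, which is the behaviour the advisory says the SOdesignation path already had.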
Comment 1 Larry the Git Cow gentoo-dev 2024-04-18 00:39:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3931b13e56d8a3fe3d2bcec3f86f1140bcb3217b

commit 3931b13e56d8a3fe3d2bcec3f86f1140bcb3217b
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2024-04-18 00:38:17 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2024-04-18 00:39:35 +0000

    sys-libs/glibc: 2.38 and 2.39 revbump for CVE-2024-2961, GLIBC-SA-2024-0004
    
    Bug: https://bugs.gentoo.org/930177
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest              |    2 +
 sys-libs/glibc/glibc-2.38-r12.ebuild | 1724 ++++++++++++++++++++++++++++++++++
 sys-libs/glibc/glibc-2.39-r3.ebuild  | 1724 ++++++++++++++++++++++++++++++++++
 3 files changed, 3450 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-04-18 02:42:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f55bd37a5e0c43c06a528909afb2b1e786173a3

commit 2f55bd37a5e0c43c06a528909afb2b1e786173a3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-18 02:42:14 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-18 02:42:14 +0000

    sys-libs/glibc: keyword 2.39-r3
    
    Bug: https://bugs.gentoo.org/930177
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.39-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8234d44e99abfd5a655d66b63979db4ca853354

commit c8234d44e99abfd5a655d66b63979db4ca853354
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-04-18 01:52:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-04-18 01:52:17 +0000

    sys-libs/glibc: keyword 2.38-r12
    
    Bug: https://bugs.gentoo.org/930177
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.38-r12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-05-06 16:17:05 UTC
*** Bug 931308 has been marked as a duplicate of this bug. ***
Comment 4 Larry the Git Cow gentoo-dev 2024-05-06 16:21:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=321e9a106808c3799e6007bf5459c5b6adb657a3

commit 321e9a106808c3799e6007bf5459c5b6adb657a3
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-06 16:20:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-06 16:21:25 +0000

    [ GLSA 202405-17 ] glibc: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/930177
    Bug: https://bugs.gentoo.org/930667
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202405-17.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)