From ${URL} :

I recently discovered three integer overflow issues in the glibc memory allocator functions pvalloc, valloc and posix_memalign/memalign/aligned_alloc. These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption. The issues are fixed in glibc mainline.

The relevant glibc bugzilla entries are here:
https://sourceware.org/bugzilla/show_bug.cgi?id=15855
https://sourceware.org/bugzilla/show_bug.cgi?id=15856
https://sourceware.org/bugzilla/show_bug.cgi?id=15857

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Number 1: https://sourceware.org/bugzilla/show_bug.cgi?id=15855 Fix: Fixed in commit 1159a193696ad48ec86e5895f6dee3e539619c0e.
Number 2: https://sourceware.org/bugzilla/show_bug.cgi?id=15856 Fix: Fixed in commit 55e17aadc1ef17a1df9626fb0e9fba290ece3331.
Number 3: https://sourceware.org/bugzilla/show_bug.cgi?id=15857 Fix: Fixed in commit b73ed247781d533628b681f57257dc85882645d3.
CVE-2013-4332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332): Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
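The wrap-around described in the report and the CVE text, as an added example that is not part of this thread and is not glibc's code: rounding a request up to a page boundary (as pvalloc does) overflows size_t for sizes near SIZE_MAX, and a pre-check rejects such requests. The function names, the 4096-byte page size and the sample sizes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked round-up to a power-of-two boundary: the addition wraps
   modulo SIZE_MAX + 1 when bytes is close to SIZE_MAX. */
static size_t round_up_unchecked(size_t bytes, size_t align)
{
    return (bytes + align - 1) & ~(align - 1);
}

/* Checked round-up: returns 0 and stores the result in *out, or -1 if
   align is not a power of two or the addition would wrap. */
static int round_up_checked(size_t bytes, size_t align, size_t *out)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return -1;
    if (bytes > SIZE_MAX - (align - 1))
        return -1;
    *out = (bytes + align - 1) & ~(align - 1);
    return 0;
}

/* Hypothetical wrapper: page-rounded allocation that fails with ENOMEM
   instead of handing back a buffer smaller than the caller asked for. */
static void *page_alloc_checked(size_t bytes, size_t pagesz)
{
    size_t rounded;
    if (round_up_checked(bytes, pagesz, &rounded) != 0) {
        errno = ENOMEM;
        return NULL;
    }
    return aligned_alloc(pagesz, rounded);
}

int main(void)
{
    size_t huge = SIZE_MAX - 10, pagesz = 4096; /* constructed inputs */
    size_t r;
    printf("unchecked: %zu requested -> %zu after rounding\n",
           huge, round_up_unchecked(huge, pagesz));
    printf("checked:   %s\n",
           round_up_checked(huge, pagesz, &r) ? "rejected" : "accepted");
    void *p = page_alloc_checked(5000, pagesz);
    printf("5000 bytes: %s\n", p ? "allocated (rounded to 8192)" : "failed");
    free(p);
    return 0;
}
```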
*** Bug 494444 has been marked as a duplicate of this bug. ***
My duplicate with the sampled patches from Debian~unstable source https://bugs.gentoo.org/show_bug.cgi?id=494444 has not only "Check for overflow." but also a patch to "stack_chk_guard" and a Debian proposal to not crash when a locale doesn't exist.
Shouldn't this bug block the stabilization of glibc 2.17?
I've cherry-picked this into the glibc-2.18 patchset.
Maintainer(s), please drop the vulnerable version(s). Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).