The out of bounds stack read in libidn (CVE-2016-6261) is also present in glibc code, and so far unpatched there.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2016-6261
Fix from libidn: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
@Security, can we add to CVE please.
Gentoo Security Padawan Daj Uan (jmbailey)
@Toolchain, I'm creating a tracker for this CVE, could you please confirm if glibc is affected by any of the other two CVEs? Thank you
Patch added to gentoo/2.25 and gentoo/2.26 branch
(In reply to Andreas K. Hüttel from comment #3)
> Patch added to gentoo/2.25 and gentoo/2.26 branch

Which particular revision contains the fixes?

2.25-r8 and 2.26-r2?
(In reply to Aaron Bauman from comment #4)
> (In reply to Andreas K. Hüttel from comment #3)
> > Patch added to gentoo/2.25 and gentoo/2.26 branch
>
> which particular revision contains the fixes?
>
> 2.25-r8 and 2.26-r2?

None so far, only our git repo... I'll add the info as soon as I make a revbump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93339d7f5bfe90901a8c6921d1c221b54c8302a

commit d93339d7f5bfe90901a8c6921d1c221b54c8302a
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2017-10-27 23:30:07 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-10-27 23:30:19 +0000

sys-libs/glibc: Revision bump to 2.25 patchlevel 12, unkeyworded so far

Resolves CVE-2017-15670, CVE-2017-15804, CVE-2016-6261

Bug: https://bugs.gentoo.org/634920
Bug: https://bugs.gentoo.org/635010
Bug: https://bugs.gentoo.org/635118
Package-Manager: Portage-2.3.13, Repoman-2.3.4

sys-libs/glibc/Manifest | 1 +
sys-libs/glibc/glibc-2.25-r9.ebuild | 154 ++++++++++++++++++++++++++++++++++++
2 files changed, 155 insertions(+)
I suspect that this has been introduced in -r9?

make subdir=libidn -C libidn ..=../ tests
make[2]: Entering directory '/var/tmp/portage/sys-libs/glibc-2.25-r9/work/glibc-2.25/libidn'
make[2]: *** No rule to make target '/var/tmp/portage/sys-libs/glibc-2.25-r9/work/build-sparc32-sparc-unknown-linux-gnu-nptl/libidn/check-abi-libcidn.out', needed by 'tests'.
make[2]: Target 'tests' not remade because of errors.
make[2]: Leaving directory '/var/tmp/portage/sys-libs/glibc-2.25-r9/work/glibc-2.25/libidn'
make[1]: *** [Makefile:216: libidn/tests] Error 2
All vulnerable versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore.
GLSA Vote: No