Summary: | <sys-libs/glibc-2.15-r3 : F_S format string protection bypass via "nargs" integer overflow (CVE-2012-0864) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | kfm, toolchain |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=794766 | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-02-20 09:49:06 UTC
This should be fixed once glibc-2.16 is released ... not really planning on backporting before that ...

ChromiumOS has been testing this patch for a while, so I just applied it to our glibc-2.15-r3 as it should be "safe"

http://sources.gentoo.org/gentoo/src/patchsets/glibc/2.15/0071_all_glibc-2.16-vfprintf-args.patch?rev=1.1

(In reply to comment #2)
> ChromiumOS has been testing this patch for a while, so i just applied it to
> our glibc-2.15-r3 as it should be "safe"
>
> http://sources.gentoo.org/gentoo/src/patchsets/glibc/2.15/0071_all_glibc-2.
> 16-vfprintf-args.patch?rev=1.1

So will we stabilize 2.15-r3 or 2.16?

Considering people are dragging their heels on 2.16, we'll have to stabilize 2.15-r3 first.

(In reply to comment #4)
> considering people are dragging their heels on 2.16, we'll have to stabilize
> 2.15-r3 first

Ok, fixed the summary. Do you plan to wait a bit before stabilizing?

(In reply to comment #5)
I think the normal ~30 days is fine.

Arches, please test and mark stable:
=sys-libs/glibc-2.15-r3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

amd64 stable

x86 stable

Stable on ppc/ppc64 with a complete emerge -e @system.

Stable on arm with a complete emerge -e @system.

I've marked alpha/ia64/s390 stable, and listed -hppa since that isn't going to get fixed any time soon (waiting on upstream).

sparc stable, and sh can't be done due to bug 415591.

Thanks, everyone. Adding to existing GLSA request.

toolchain done

CVE-2012-0864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0864):
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

@maintainers: please clean affected versions so we can ship the GLSA.

Affected versions will not be removed, so go ahead.

If we must.

This issue was resolved and addressed in GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml by GLSA coordinator Chris Reffett (creffett).
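The CVE text quoted in the thread gives the mechanism in one sentence: vfprintf sizes its per-argument tables from the number of arguments the format string references, and a format that references enough of them (a huge positional index such as `%N$d` counts) makes that size arithmetic wrap, so a small allocation is handed a large index. The block below is an added example, not glibc code and not the 0071 patch linked above. It models the table sizing on an explicit 32-bit `size_t` so the wrap is visible on a 64-bit host, next to the kind of `nargs > SIZE_MAX / bytes_per_arg` guard the upstream fix introduces. The `count_format_args` scanner is deliberately simplified, and `BYTES_PER_ARG` and the sample format strings are assumptions of this example rather than values taken from glibc.

```c
/* Added example, not glibc code: a simplified model of how vfprintf sizes
 * its positional-argument tables, showing why an unchecked nargs * bytes
 * product wraps on a 32-bit size_t and what an overflow guard looks like. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMPTION: bytes reserved per argument slot across the argument tables.
 * The real footprint depends on sizeof(union printf_arg) and the ABI. */
#define BYTES_PER_ARG 16u

/* Model a 32-bit size_t explicitly so the wrap is reproducible anywhere. */
typedef uint32_t size32_t;

/* Number of argument slots a format string makes the printer reserve: the
 * larger of the sequential conversion count and the highest "%N$" index.
 * Simplified model: '*' width/precision arguments are not counted and
 * flags/modifiers are skipped loosely up to the conversion character. */
uint64_t count_format_args(const char *fmt)
{
    uint64_t seq = 0, max_ref = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')              /* "%%" is a literal, consumes no argument */
            continue;
        uint64_t n = 0;
        int have_digits = 0;
        while (*p >= '0' && *p <= '9') {   /* decimal number, saturating */
            have_digits = 1;
            if (n > (UINT64_MAX - 9) / 10)
                n = UINT64_MAX;
            else
                n = n * 10 + (uint64_t)(*p - '0');
            p++;
        }
        if (have_digits && *p == '$') {    /* positional reference "%N$" */
            if (n > max_ref)
                max_ref = n;
            p++;
        } else {                           /* sequential conversion */
            seq++;
        }
        while (*p && !strchr("diouxXeEfFgGaAcspn", *p))
            p++;                           /* skip to conversion character */
        if (!*p)
            break;
    }
    return seq > max_ref ? seq : max_ref;
}

/* Unchecked sizing: the product is truncated to the modelled 32-bit size_t,
 * so a huge nargs can yield a tiny table. */
size32_t arg_table_bytes_unchecked(uint64_t nargs)
{
    return (size32_t)(nargs * (uint64_t)BYTES_PER_ARG);
}

/* Checked sizing: reject any nargs whose table is not representable,
 * returning -1 where the real printer would set errno and fail. */
int64_t arg_table_bytes_checked(uint64_t nargs)
{
    if (nargs > UINT32_MAX / BYTES_PER_ARG)
        return -1;
    return (int64_t)(nargs * (uint64_t)BYTES_PER_ARG);
}

int main(void)
{
    /* Constructed sample formats: a benign one and one with a huge index. */
    const char *const formats[] = { "%1$s %2$d", "%268435457$d" };
    for (size_t i = 0; i < sizeof formats / sizeof *formats; i++) {
        uint64_t nargs = count_format_args(formats[i]);
        int64_t checked = arg_table_bytes_checked(nargs);
        printf("%-14s nargs=%llu unchecked=%u checked=",
               formats[i], (unsigned long long)nargs,
               (unsigned)arg_table_bytes_unchecked(nargs));
        if (checked < 0)
            printf("rejected (EOVERFLOW)\n");
        else
            printf("%lld\n", (long long)checked);
    }
    return 0;
}
```

With the assumed 16-byte slot, `%268435457$d` asks for 268435457 slots; the unchecked product is 2^32 + 16, which truncates to 16 bytes, while the checked version refuses it because 268435457 exceeds `UINT32_MAX / 16`. Any later write to slot 268435457 of a 16-byte table is the out-of-bounds access the CVE describes; the guard turns that into a clean failure before any table is allocated.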