Summary: | <sys-libs/glibc-2.19-r1: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters (CVE-2013-4237) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=91ce408 | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=995839 | ||
Whiteboard: | A2 [glsa cleanup] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 518364 | ||
Bug Blocks: |
Description
Agostino Sarubbo
Time to bump.

CVE-2013-4237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237): sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

Patches available and multiple distributions are updated:

https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://sourceware.org/bugzilla/show_bug.cgi?id=14699

(In reply to Yury German from comment #4)
> Patches available and multiple distributions are updated:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=995839
> https://sourceware.org/bugzilla/show_bug.cgi?id=14699

This is fixed in 2.19. 2.19 is not out, http://www.gnu.org/software/libc/libc.html at this moment says: The current stable version of glibc is 2.18. See the NEWS file in the glibc sources for more information. So the tag is upstream/ebuild.

this one is kind of bad since it can be poked by a remote system or trying to read malicious USB sticks. so i'll prob cherry pick it back to at least 2.18.

actually seems that i've already cherry picked it into glibc-2.18 ;)

SpanKY please advise when you are ready to stabilize 2.18-r1. From bug history it looks like there are two security bugs that you "Cherry-Picked" into this release.

Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).