Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 608706 (CVE-2016-6323)

Summary: <sys-libs/glibc-2.23-r3: Missing unwind info in __startcontext causes infinite loop in _Unwind_Backtrace
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: A3 [glsa cve glsa blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 622220    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-09 09:13:02 UTC

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Upstream bug:

Upstream patch:;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-09 09:14:45 UTC
@ Maintainer(s): The vulnerability is fixed in >=sys-libs/glibc-2.25. Please bump the package and tell us if you plan to backport the fix.
Comment 2 SpanKY gentoo-dev 2017-02-09 10:36:49 UTC
this fix i had cherry picked into the first 2.24 patchset already
Comment 3 Matthias Maier gentoo-dev 2017-06-11 16:35:33 UTC
The fix already made it into Patchset 5 for glibc 2.23.
Comment 4 Matthias Maier gentoo-dev 2017-06-19 16:30:55 UTC
commit aa57c4a8ee21fa208a21388c1291260c1dd8c389
Author: Matthias Maier <>
Date:   Thu Jun 8 11:20:38 2017 -0500

    profiles: Mask all glibc versions older than 2.23
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2017-06-20 17:55:34 UTC
This issue was resolved and addressed in
 GLSA 201706-19 at
by GLSA coordinator Thomas Deutschmann (whissi).