Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 627238 (CVE-2017-12133)

Summary: <sys-libs/glibc-2.25-r4: Use-after-free read access in clntudp_call in sunrpc
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1478288
Whiteboard: A4 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 637140    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2017-08-07 13:12:19 UTC 
From ${URL} :

CVE-2016-4429 fix introduced a use-after-free vulnerability in clntudp_call of sunrpc.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21115

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2017-11-29 12:00:02 UTC 
All vulnerable versions are masked. No further cleanup (toolchain package). 
Nothing to do for toolchain here anymore.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-03-27 02:48:49 UTC 
Downgraded. DNS spoofing.

GLSA Vote: No