Summary: | <sys-libs/glibc-2.25-r9: glob function contains a buffer overflow during unescaping of user names with the ~ operator | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=22332 | | |
Whiteboard: | A3 [glsa+ cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 637140, 646492 | | |
Bug Blocks: | | | |
Description
Aleksandr Wagner (Kivak)
2017-10-22 22:29:45 UTC
Patch added to gentoo/2.25 and gentoo/2.26 branch

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d93339d7f5bfe90901a8c6921d1c221b54c8302a

commit d93339d7f5bfe90901a8c6921d1c221b54c8302a
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2017-10-27 23:30:07 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-10-27 23:30:19 +0000

    sys-libs/glibc: Revision bump to 2.25 patchlevel 12, unkeyworded so far

    Resolves CVE-2017-15670, CVE-2017-15804, CVE-2016-6261

    Bug: https://bugs.gentoo.org/634920
    Bug: https://bugs.gentoo.org/635010
    Bug: https://bugs.gentoo.org/635118
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 sys-libs/glibc/Manifest | 1 +
 sys-libs/glibc/glibc-2.25-r9.ebuild | 154 ++++++++++++++++++++++++++++++++++++
 2 files changed, 155 insertions(+)

All vulnerable versions are masked. No further cleanup (toolchain package). Nothing to do for toolchain here anymore.

This issue was resolved and addressed in GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02 by GLSA coordinator Aaron Bauman (b-man).