Summary: | <sys-apps/util-linux-2.37.1-r1: buffer overflow (CVE-2021-37600) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/karelzak/util-linux/issues/1395 | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 809491 | ||
Bug Blocks: |
Description
John Helmert III
2021-08-01 18:52:18 UTC
Upstream don't consider this an issue: https://github.com/karelzak/util-linux/issues/1395#issuecomment-888984731. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da60551412d12ea1b7b0fe27a7603fb7873d63c2 commit da60551412d12ea1b7b0fe27a7603fb7873d63c2 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2021-08-11 12:25:48 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2021-08-11 12:30:42 +0000 sys-apps/util-linux: Revbump to add various upstream fixes * Erase names in agetty by pressing CTRL-C (#804972) * Fixed user mount of davfs2 filesystems (#805218) * Fixed lscpu segfault on riscv plattform with upstream patch (#802606) + Fixed potential buffer overflow in ipcutils (#806070) (CVE-2021-37600) Bug: https://bugs.gentoo.org/806070 Closes: https://bugs.gentoo.org/804972 Closes: https://bugs.gentoo.org/805218 Closes: https://bugs.gentoo.org/802606 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> .../util-linux-2.37.1-agetty_ctrl-c_erase.patch | 50 +++ .../util-linux-2.37.1-ipcutils_calloc_check.patch | 25 ++ .../util-linux-2.37.1-libmount_setgroups_fix.patch | 38 +++ ...l-linux-2.37.1-lscpu_NULL_dereference_fix.patch | 50 +++ sys-apps/util-linux/util-linux-2.37.1-r1.ebuild | 338 +++++++++++++++++++++ 5 files changed, 501 insertions(+) Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4e42800d2202837758726b7cc0f86440487fee40 commit 4e42800d2202837758726b7cc0f86440487fee40 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-07 08:30:19 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-07 08:30:48 +0000 [ GLSA 202401-08 ] util-linux: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/806070 Bug: https://bugs.gentoo.org/831978 Bug: https://bugs.gentoo.org/833365 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-08.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) |