Bug 807935 (CVE-2021-38604)

Summary:	<sys-libs/glibc-2.33-r7: NULL pointer dereference (CVE-2021-38604)
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	sam, toolchain
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://sourceware.org/bugzilla/show_bug.cgi?id=28213
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=792261
Whiteboard:	A4 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	809410
Bug Blocks:

Description John Helmert III archtester

2021-08-12 23:46:32 UTC

CVE-2021-38604:

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8

Comment 1 Sam James archtester

2021-08-18 03:37:00 UTC

We're waiting for news on a backport.

Comment 2 Larry the Git Cow gentoo-dev

2021-08-18 18:01:13 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fb14f0b1a2d1e590437487be9a6a2c278aafd60

commit 7fb14f0b1a2d1e590437487be9a6a2c278aafd60
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-08-18 18:00:28 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-08-18 18:01:02 +0000

    sys-libs/glibc: Bump 2.34 patchlevel to 2 (unkeyworded)
    
    Bug: https://bugs.gentoo.org/807935
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest          | 2 +-
 sys-libs/glibc/glibc-2.34.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c150cdb5bc5d9fc84079cc764957b7823c3bf43

commit 8c150cdb5bc5d9fc84079cc764957b7823c3bf43
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-08-18 17:56:02 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-08-18 18:00:55 +0000

    sys-libs/glibc: 2.33 revision/patchlevel 6 bump
    
    Bug: https://bugs.gentoo.org/807935
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.33-r7.ebuild | 1551 +++++++++++++++++++++++++++++++++++
 2 files changed, 1552 insertions(+)

Comment 3 John Helmert III archtester

2022-08-14 05:20:44 UTC

GLSA request filed

Comment 4 Larry the Git Cow gentoo-dev

2022-08-14 14:34:44 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=db5361e1e42ef0dfb4d6eda6648cae61bea60edf

commit db5361e1e42ef0dfb4d6eda6648cae61bea60edf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-24 ] GNU C Library: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/803437
    Bug: https://bugs.gentoo.org/807935
    Bug: https://bugs.gentoo.org/831096
    Bug: https://bugs.gentoo.org/831212
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-24.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

Comment 5 Sam James archtester

2022-08-14 14:41:40 UTC

GLSA done, all done.