Summary: | <sys-libs/glibc-{2.33-r9, 2.34-r7}: Unexpected return value from realpath() for too long results (CVE-2021-3998) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=28770 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=831212 | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 831212 | ||
Bug Blocks: |
Description
Sam James
2022-01-13 05:45:50 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32cacd85af01e3a00b5fbe4d121c70db56f3e4be commit 32cacd85af01e3a00b5fbe4d121c70db56f3e4be Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2022-01-25 13:11:59 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2022-01-25 13:13:06 +0000 sys-libs/glibc: 2.33 patchlevel 7 bump Includes fixes for CVE-2021-3998, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219 Bug: https://bugs.gentoo.org/831212 Bug: https://bugs.gentoo.org/831096 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> sys-libs/glibc/Manifest | 1 + sys-libs/glibc/{glibc-2.33-r8.ebuild => glibc-2.33-r9.ebuild} | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=db5361e1e42ef0dfb4d6eda6648cae61bea60edf commit db5361e1e42ef0dfb4d6eda6648cae61bea60edf Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 14:29:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 14:33:57 +0000 [ GLSA 202208-24 ] GNU C Library: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/803437 Bug: https://bugs.gentoo.org/807935 Bug: https://bugs.gentoo.org/831096 Bug: https://bugs.gentoo.org/831212 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-24.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) GLSA done, all done. |