| Summary: | <sys-libs/glibc-2.36-r5: oob heap memory read in crafted syslog'd strings | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | maracay |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=29536 | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=923352 | | |
| Whiteboard: | A4 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2022-09-02 02:13:20 UTC
Fixed in our 2.36-r5, already stable.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67a7c931b9e46159493205e847aa1ec3d1dc7ef0

commit 67a7c931b9e46159493205e847aa1ec3d1dc7ef0
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2022-12-05 23:47:58 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2022-12-05 23:48:36 +0000

    package.mask: Extend old glibc mask, bug 867952

    Bug: https://bugs.gentoo.org/867952
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 profiles/package.mask | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

All vulnerable versions masked. No cleanup.

My understanding is this bug was introduced in 2.36, fixed in 2.37 and the fix backported to 2.36. 2.35 and lower are unaffected. Or am I missing something?

(In reply to Eddie Chapman from comment #4)
> My understanding is this bug was introduced in 2.36, fixed in 2.37 and the
> fix backported to 2.36. 2.35 and lower are unaffected. Or am I missing
> something?

That seems right (but I'm not really familiar with glibc, just gleaned this from poking around in git a bit)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=029e12731f29676d3f6ebed09f7747ee6e15c5e8

commit 029e12731f29676d3f6ebed09f7747ee6e15c5e8
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-04 08:02:08 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-10-04 08:02:41 +0000

    [ GLSA 202310-03 ] glibc: Multiple vulnerabilities

    Bug: https://bugs.gentoo.org/867952
    Bug: https://bugs.gentoo.org/914281
    Bug: https://bugs.gentoo.org/915127
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202310-03.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)