Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 887269 (CVE-2022-44940)

Summary: <dev-util/patchelf-0.16.1: out of bounds read
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: chewi
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 887271    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 23:54:06 UTC 
CVE-2022-44940 (https://github.com/NixOS/patchelf/pull/419):

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.

Patch in 0.16.0 onwards: https://github.com/NixOS/patchelf/commit/b751eeb137d71765b3c35c4210c1c3b64dcd3a32

Please stabilize >=0.16.0.
Comment 1 James Le Cuirot gentoo-dev 2022-12-24 17:23:13 UTC 
0.17.0 has been stabilised and the old versions have been cleaned.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-24 17:29:22 UTC 
OOB read with no apparent further impact. No GLSA, all done.