| Summary: | <sys-libs/glibc-2.37-r6: memory leak regression in CVE-2023-4806 patch | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ajak, hydrapolic, toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2023/10/03/4 | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=914281 | | |
| Whiteboard: | A3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
Description
John Helmert III
Seems there's a fix in 2.39: https://sourceware.org/pipermail/libc-announce/2024/000038.html

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1b3d5c5b8102daf085b27905a139c5e8c4c7d591

commit 1b3d5c5b8102daf085b27905a139c5e8c4c7d591
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-02 03:02:44 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-02 03:03:23 +0000

    [ GLSA 202402-01 ] glibc: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/918412
    Bug: https://bugs.gentoo.org/923352
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202402-01.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

We added it in 2.38-4 first (https://gitweb.gentoo.org/fork/glibc.git/commit/?h=gentoo/2.38&id=4239cf689516ca2bab013994feed150cffc9e4fa).

Oops, missed that this was backported into Gentoo a while ago, in particular in 2.37-8: https://gitweb.gentoo.org/fork/glibc.git/commit/?id=c75b76f8e1fb4ff0787ec408cb8f08b8a8f2e041