Bug 480734 (CVE-2013-4237) - <sys-libs/glibc-2.19-r1: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters (CVE-2013-4237)
Summary: <sys-libs/glibc-2.19-r1: Buffer overwrite when using readdir_r on file system...
Status: RESOLVED FIXED
Alias: CVE-2013-4237
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://sourceware.org/git/gitweb.cgi?...
Whiteboard: A2 [glsa cleanup]
Keywords:
Depends on: 518364
Blocks:
Reported: 2013-08-12 14:22 UTC by Agostino Sarubbo
Modified: 2015-03-08 14:54 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2013-08-12 14:22:30 UTC
From ${URL} :

An out-of-bounds buffer write flaw was found in the way the readdir_r() routine of glibc, the collection of GNU libc libraries, handled a file system entry whose name was longer than the NAME_MAX constant defined by the Linux kernel (readdir_r() used to put the content of the directory read into the application's allocated buffer, possibly leading to an overwrite of the application's buffer [on NTFS or CIFS file systems, for example]). A remote attacker could provide a specially crafted NTFS or CIFS image that, when processed in an application using the readdir_r() functionality, would lead to that application crashing or, potentially, arbitrary code execution with the privileges of the user running the application.

This issue was found by Florian Weimer of Red Hat Product Security Team.

Upstream bug report:
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14699

Latest patch proposal:
[2] http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
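The mechanism described above, as an added example that is not part of this bug report or of glibc's own source. It models, at the caller's side, the class of check the upstream fix applies: the raw record that the kernel's getdents64() hands back carries a d_name that is not bounded by NAME_MAX, while the caller-supplied struct dirent has room for NAME_MAX + 1 bytes of name, so copying d_reclen bytes blindly overruns that struct. The records are constructed in memory (no file system image is read, nothing is actually overflowed), and the names raw_dirent64, make_record, unchecked_overrun, copy_entry_checked and demo_entry are hypothetical helpers written for this illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed mirror of the record layout Linux getdents64() returns.
 * Nothing here reads a real directory: records are built in memory so the
 * example runs offline and never actually overflows anything. */
struct raw_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;   /* whole record incl. trailing padding */
    unsigned char      d_type;
    char               d_name[];   /* NUL-terminated; NOT bounded by NAME_MAX */
};

/* Build a record whose file name is `namelen` bytes of 'A'.  A file system
 * such as NTFS or CIFS can produce namelen > NAME_MAX (255 on Linux).
 * Caller frees the result. */
static struct raw_dirent64 *make_record(size_t namelen)
{
    size_t reclen = offsetof(struct raw_dirent64, d_name) + namelen + 1;
    reclen = (reclen + 7) & ~(size_t)7;          /* kernel pads records to 8 bytes */
    struct raw_dirent64 *rec = calloc(1, reclen);
    if (rec == NULL)
        return NULL;
    rec->d_ino    = 42;
    rec->d_off    = 1;
    rec->d_reclen = (unsigned short)reclen;
    rec->d_type   = DT_REG;
    memset(rec->d_name, 'A', namelen);           /* calloc() left the terminating NUL */
    return rec;
}

/* The vulnerable pattern trusted d_reclen and copied the whole record into
 * the caller's fixed-size struct dirent (d_name[NAME_MAX + 1]).  This only
 * *measures* how many bytes such a memcpy would write past the struct. */
size_t unchecked_overrun(const struct raw_dirent64 *rec)
{
    return rec->d_reclen > sizeof(struct dirent)
               ? rec->d_reclen - sizeof(struct dirent)
               : 0;
}

/* Checked copy: bound the name by NAME_MAX before touching the destination,
 * always NUL-terminate, and report ENAMETOOLONG instead of truncating. */
int copy_entry_checked(const struct raw_dirent64 *rec, struct dirent *dst)
{
    size_t avail   = rec->d_reclen - offsetof(struct raw_dirent64, d_name);
    size_t namelen = strnlen(rec->d_name, avail); /* tolerate a missing NUL */
    if (namelen > NAME_MAX)
        return ENAMETOOLONG;                     /* skip the entry, never overflow */
    dst->d_ino    = rec->d_ino;
    dst->d_off    = rec->d_off;
    dst->d_type   = rec->d_type;
    dst->d_reclen = (unsigned short)(offsetof(struct dirent, d_name) + namelen + 1);
    memcpy(dst->d_name, rec->d_name, namelen);
    dst->d_name[namelen] = '\0';
    return 0;
}

/* Drive both paths on one constructed entry of the given name length.
 * Returns the checked path's result; *overrun receives the byte count the
 * unchecked memcpy would have written out of bounds. */
int demo_entry(size_t namelen, struct dirent *out, size_t *overrun)
{
    struct raw_dirent64 *rec = make_record(namelen);
    if (rec == NULL)
        return ENOMEM;
    *overrun = unchecked_overrun(rec);
    memset(out, 0, sizeof *out);
    int rc = copy_entry_checked(rec, out);
    free(rec);
    return rc;
}

int main(void)
{
    struct dirent e;
    size_t over;
    size_t lens[] = { 10, NAME_MAX, 300 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int rc = demo_entry(lens[i], &e, &over);
        printf("name length %3zu: unchecked copy overruns by %zu bytes, "
               "checked copy -> %s\n",
               lens[i], over, rc == 0 ? "ok" : strerror(rc));
    }
    return 0;
}
```

The practical takeaway for application code: readdir() returns a pointer into the buffer glibc sized from the kernel's own records, so it has no NAME_MAX copy step; readdir_r() copies into a caller-supplied struct dirent and therefore needs exactly this kind of length check, which fixed glibc performs itself and which unfixed versions lack.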
Comment 1 Agostino Sarubbo gentoo-dev 2013-08-19 10:36:22 UTC
the commit: http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91ce408
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-27 02:25:22 UTC
Time to bump.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:18:54 UTC
CVE-2013-4237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237):
  sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and
  earlier allows context-dependent attackers to cause a denial of service
  (out-of-bounds write and crash) or possibly execute arbitrary code via a
  crafted (1) NTFS or (2) CIFS image.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-01-23 03:12:34 UTC
Patches available and multiple distributions are updated:

https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://sourceware.org/bugzilla/show_bug.cgi?id=14699
Comment 5 Agostino Sarubbo gentoo-dev 2014-01-26 16:00:50 UTC
(In reply to Yury German from comment #4)
> Patches available and multiple distributions are updated:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=995839
> https://sourceware.org/bugzilla/show_bug.cgi?id=14699

This is fixed in 2.19.

2.19 is not out; http://www.gnu.org/software/libc/libc.html at this moment says:

The current stable version of glibc is 2.18. See the NEWS file in the glibc sources for more information.

So the tag is upstream/ebuild.
Comment 6 SpanKY gentoo-dev 2014-02-18 19:31:49 UTC
This one is kind of bad since it can be poked by a remote system or by trying to read malicious USB sticks, so I'll probably cherry-pick it back to at least 2.18.
Comment 7 SpanKY gentoo-dev 2014-02-18 19:34:24 UTC
Actually, it seems that I've already cherry-picked it into glibc-2.18 ;)
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-02-19 03:19:30 UTC
SpanKY, please advise when you are ready to stabilize 2.18-r1. From the bug history it looks like there are two security bugs that you cherry-picked into this release.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-03-03 03:41:16 UTC
Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2015-03-08 14:54:03 UTC
This issue was resolved and addressed in
 GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).