According to the very thorough report in oss-security [1]:

++
The vulnerability described here is caused by Linux kernel behaviour change in the syscall API (returning relative pathnames in getcwd()) and non-defensive function implementation in libc (failing to process that pathname correctly). Other libraries are very likely to be affected as well. On affected systems this vulnerability can be used to gain root privileges via SUID binaries. The return value specification change in getcwd() was introduced in Linux kernel Linux 2.6.36. It has already caused troubles, even in realpath(), but at different location

[1] http://openwall.com/lists/oss-security/2018/01/11/5
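The defensive handling the report asks of getcwd() callers, as an added example that is not part of the original thread and is not glibc's code: the caller refuses any result that is not an absolute pathname instead of handing it to path-processing logic. The names `cwd_result_is_absolute` and `checked_getcwd`, the buffer limits, and the sample strings in the comments are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 only when the string can be treated as an
   absolute pathname. A relative result from the kernel (constructed sample:
   "(unreachable)/tmp") fails this check; "/usr/lib" passes it. */
static int cwd_result_is_absolute(const char *path)
{
    return path != NULL && path[0] == '/';
}

/* Hypothetical wrapper: calls getcwd() with a growing buffer and rejects a
   non-absolute result with ENOENT. Returns a malloc()ed string that the
   caller must free(), or NULL with errno set. */
char *checked_getcwd(void)
{
    size_t size = 256;

    for (;;) {
        char *buf = malloc(size);
        if (buf == NULL)
            return NULL;                 /* errno set by malloc */

        if (getcwd(buf, size) != NULL) {
            if (cwd_result_is_absolute(buf))
                return buf;
            /* The current directory is not reachable from this process's
               root: treat it as missing rather than as a usable path. */
            free(buf);
            errno = ENOENT;
            return NULL;
        }

        int saved = errno;               /* free() may change errno */
        free(buf);
        if (saved != ERANGE) {
            errno = saved;
            return NULL;
        }
        if (size > ((size_t)1 << 20)) {  /* assumed upper bound on growth */
            errno = ENAMETOOLONG;
            return NULL;
        }
        size *= 2;                       /* buffer too small: retry larger */
    }
}
```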
fixed in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
Thank you Ian and Oleg for the information.
Fix added to the gentoo/2.26 branch (will be in patchlevel 6). Fixed upstream in 2.27.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-02-08 23:49:40 +0000

sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)

10 test failures need investigating:
===
FAIL: elf/tst-prelink-cmp
XPASS: elf/tst-protected1a
XPASS: elf/tst-protected1b
FAIL: malloc/tst-malloc-tcache-leak
FAIL: math/test-float128-finite-tgamma
FAIL: math/test-float128-finite-trunc
FAIL: math/test-float128-tgamma
FAIL: math/test-float128-trunc
FAIL: math/test-ifloat128-tgamma
FAIL: math/test-ifloat128-trunc
FAIL: misc/tst-ttyname
UNSUPPORTED: nptl/test-cond-printers
UNSUPPORTED: nptl/test-condattr-printers
UNSUPPORTED: nptl/test-mutex-printers
UNSUPPORTED: nptl/test-mutexattr-printers
UNSUPPORTED: nptl/test-rwlock-printers
UNSUPPORTED: nptl/test-rwlockattr-printers
FAIL: nss/tst-nss-files-hosts-multi
Summary of test results:
10 FAIL
4113 PASS
6 UNSUPPORTED
29 XFAIL
2 XPASS
===

Bug: https://bugs.gentoo.org/646492
Bug: https://bugs.gentoo.org/646490
Bug: https://bugs.gentoo.org/641644
Bug: https://bugs.gentoo.org/644278
Package-Manager: Portage-2.3.21, Repoman-2.3.6

sys-libs/glibc/Manifest | 1 +
sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
2 files changed, 837 insertions(+)
Fix added to the gentoo/2.25 branch (will be in patchlevel 14).
This issue was resolved and addressed in GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02 by GLSA coordinator Aaron Bauman (b-man).