CVE-2018-6485 (https://nvd.nist.gov/vuln/detail/CVE-2018-6485): An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. @Maintainers please call for stabilization when ready, thank you
Fixed upstream in 2.27
Fix added to gentoo/2.26 branch, will be in patchlevel 6
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754 commit fa2244fedca8e63902ba8d879dbf0f4d9548d754 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2018-02-08 23:49:17 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2018-02-08 23:49:40 +0000 sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6) 10 test failures need investigating: === FAIL: elf/tst-prelink-cmp XPASS: elf/tst-protected1a XPASS: elf/tst-protected1b FAIL: malloc/tst-malloc-tcache-leak FAIL: math/test-float128-finite-tgamma FAIL: math/test-float128-finite-trunc FAIL: math/test-float128-tgamma FAIL: math/test-float128-trunc FAIL: math/test-ifloat128-tgamma FAIL: math/test-ifloat128-trunc FAIL: misc/tst-ttyname UNSUPPORTED: nptl/test-cond-printers UNSUPPORTED: nptl/test-condattr-printers UNSUPPORTED: nptl/test-mutex-printers UNSUPPORTED: nptl/test-mutexattr-printers UNSUPPORTED: nptl/test-rwlock-printers UNSUPPORTED: nptl/test-rwlockattr-printers FAIL: nss/tst-nss-files-hosts-multi Summary of test results: 10 FAIL 4113 PASS 6 UNSUPPORTED 29 XFAIL 2 XPASS === Bug: https://bugs.gentoo.org/646492 Bug: https://bugs.gentoo.org/646490 Bug: https://bugs.gentoo.org/641644 Bug: https://bugs.gentoo.org/644278 Package-Manager: Portage-2.3.21, Repoman-2.3.6 sys-libs/glibc/Manifest | 1 + sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++ 2 files changed, 837 insertions(+)}
Fix added to gentoo/2.25 branch, will be in patchlevel 14
This issue was resolved and addressed in GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02 by GLSA coordinator Aaron Bauman (b-man).