Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 646492 (CVE-2018-6551) - <sys-libs/glibc-{2.25-r11,2.26-r6}: Heap pointer deference vulnerability on powerpc
Summary: <sys-libs/glibc-{2.25-r11,2.26-r6}: Heap pointer deference vulnerability on p...
Status: RESOLVED FIXED
Alias: CVE-2018-6551
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2017-14062bis CVE-2017-15670, CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 CVE-2018-6485
  Show dependency tree
 
Reported: 2018-02-03 15:08 UTC by GLSAMaker/CVETool Bot
Modified: 2018-07-27 22:02 UTC (History)
1 user (show)

See Also:
Package list:
=sys-libs/glibc-2.25-r11
Runtime testing required: Yes
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-03 15:08:35 UTC
CVE-2018-6551 (https://nvd.nist.gov/vuln/detail/CVE-2018-6551):
  The malloc implementation in the GNU C Library (aka glibc or libc6), from
  version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not
  properly handle malloc calls with arguments close to SIZE_MAX and could
  return a pointer to a heap region that is smaller than requested, eventually
  leading to heap corruption.


@Maintainers please call for stabilization when ready, note that only powerpc is affected by this bug. Thank you
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2018-02-08 22:10:25 UTC
Fixed upstream in 2.27
Fix added to gentoo/2.26 branch, will be in patchlevel 6
Comment 2 Larry the Git Cow gentoo-dev 2018-02-08 23:49:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-02-08 23:49:40 +0000

    sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)
    
    10 test failures need investigating:
    ===
    FAIL: elf/tst-prelink-cmp
    XPASS: elf/tst-protected1a
    XPASS: elf/tst-protected1b
    FAIL: malloc/tst-malloc-tcache-leak
    FAIL: math/test-float128-finite-tgamma
    FAIL: math/test-float128-finite-trunc
    FAIL: math/test-float128-tgamma
    FAIL: math/test-float128-trunc
    FAIL: math/test-ifloat128-tgamma
    FAIL: math/test-ifloat128-trunc
    FAIL: misc/tst-ttyname
    UNSUPPORTED: nptl/test-cond-printers
    UNSUPPORTED: nptl/test-condattr-printers
    UNSUPPORTED: nptl/test-mutex-printers
    UNSUPPORTED: nptl/test-mutexattr-printers
    UNSUPPORTED: nptl/test-rwlock-printers
    UNSUPPORTED: nptl/test-rwlockattr-printers
    FAIL: nss/tst-nss-files-hosts-multi
    Summary of test results:
         10 FAIL
       4113 PASS
          6 UNSUPPORTED
         29 XFAIL
          2 XPASS
    ===
    
    Bug: https://bugs.gentoo.org/646492
    Bug: https://bugs.gentoo.org/646490
    Bug: https://bugs.gentoo.org/641644
    Bug: https://bugs.gentoo.org/644278
    Package-Manager: Portage-2.3.21, Repoman-2.3.6

 sys-libs/glibc/Manifest             |   1 +
 sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
 2 files changed, 837 insertions(+)}
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2018-02-09 22:38:09 UTC
Fix added to gentoo/2.25 branch, will be in patchlevel 14
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-28 20:10:58 UTC
Per conversation with dilfridge on IRC this is ready to be called for stable.

exp arches CC'ed due to the importance of glibc, but will not hold up further sec actions.

@arches, please stabilize.
Comment 5 Larry the Git Cow gentoo-dev 2018-03-29 00:39:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae8b946adf706854d33983c35fc76b12f11c9391

commit ae8b946adf706854d33983c35fc76b12f11c9391
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-29 00:38:20 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-29 00:38:20 +0000

    sys-libs/glibc: amd64 stable
    
    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.26, Repoman-2.3.7

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 6 Thomas Deutschmann gentoo-dev 2018-03-29 14:53:45 UTC
x86 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-29 19:39:43 UTC
ia64 stable
Comment 8 Mart Raudsepp gentoo-dev 2018-03-29 22:32:55 UTC
arm64 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-30 22:38:05 UTC
ppc64 stable
Comment 10 Larry the Git Cow gentoo-dev 2018-03-31 10:04:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15068b1c791ece90bbc739feb13044c351fd3710

commit 15068b1c791ece90bbc739feb13044c351fd3710
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-03-31 08:29:51 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-03-31 10:04:42 +0000

    sys-libs/glibc: stable 2.25-r11 for sparc
    
    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 11 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-31 14:18:15 UTC
Stable on alpha.
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2018-04-01 21:47:40 UTC
ppc stable
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2018-04-04 01:55:57 UTC
This issue was resolved and addressed in
 GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02
by GLSA coordinator Aaron Bauman (b-man).
Comment 14 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-04 01:57:30 UTC
Re-opened for arches to finish stabilization.
Comment 15 Markus Meier gentoo-dev 2018-04-08 10:51:13 UTC
arm stable
Comment 16 Larry the Git Cow gentoo-dev 2018-04-13 20:08:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d75dc07b2077a4d73f731b8cf5290a326bb5ecce

commit d75dc07b2077a4d73f731b8cf5290a326bb5ecce
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-13 19:56:05 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-13 20:07:37 +0000

    sys-libs/glibc: stable 2.25-r11 for hppa
    
    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="hppa"

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 17 Andreas K. Hüttel archtester gentoo-dev 2018-04-21 21:57:20 UTC
@security: all supported arches are done.
Comment 18 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-21 22:21:18 UTC
(In reply to Andreas K. Hüttel from comment #17)
> @security: all supported arches are done.

Thanks.  We just need to mask or remove the vulnerable.
Comment 19 Larry the Git Cow gentoo-dev 2018-04-28 21:23:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be27313d300d7e9ccc87654551edc7398a474f1b

commit be27313d300d7e9ccc87654551edc7398a474f1b
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-04-28 21:23:20 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-04-28 21:23:48 +0000

    sys-libs/glibc: Drop vulnerable version, bug 646492
    
    This removes last stable on m68k, sh, s390 (we're way
    beyond any timeout there).
    
    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 sys-libs/glibc/Manifest              |   1 -
 sys-libs/glibc/glibc-2.25-r10.ebuild | 153 -----------------------------------
 2 files changed, 154 deletions(-)}
Comment 20 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-27 22:02:24 UTC
commit 40259e04ced6e79108fb80cf24819c4bf31f394b
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Tue May 22 10:35:41 2018 -0400

    sys-libs/glibc: mark 2.23-r4/2.25-r11 m68k/s390/sh stable