CVE-2018-6551 (https://nvd.nist.gov/vuln/detail/CVE-2018-6551):

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.

@Maintainers please call for stabilization when ready, note that only powerpc is affected by this bug. Thank you
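A regression probe for the behaviour described in the CVE text above, as an added example that is not part of the bug report or of glibc: every request within a small distance of SIZE_MAX must fail rather than return a block. The function names and PROBE_SPAN are assumptions made here, and the realloc probe goes beyond the report, which mentions only malloc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* How many sizes below SIZE_MAX to probe (constructed value, not from the page). */
#define PROBE_SPAN 4096

/* Call through volatile function pointers so the compiler cannot fold the
   allocation away and assume it succeeded. */
static void *(*volatile alloc_fn)(size_t) = malloc;
static void *(*volatile realloc_fn)(void *, size_t) = realloc;

/* Count malloc(SIZE_MAX - i) requests that wrongly return a block. */
int count_bad_malloc(void)
{
    int bad = 0;
    for (size_t i = 0; i < PROBE_SPAN; i++) {
        /* A non-NULL result is necessarily undersized; it is counted and
           deliberately neither written to nor freed. */
        if (alloc_fn(SIZE_MAX - i) != NULL)
            bad++;
    }
    return bad;
}

/* Same probe through realloc: growth must fail and the original block must
   stay valid. Returns -1 if the small setup allocation itself fails. */
int count_bad_realloc(void)
{
    int bad = 0;
    char *small = alloc_fn(16);
    if (small == NULL)
        return -1;
    small[0] = 'A';
    for (size_t i = 0; i < PROBE_SPAN; i++) {
        if (realloc_fn(small, SIZE_MAX - i) != NULL)
            return bad + 1;   /* stop: 'small' may have been moved */
    }
    if (small[0] != 'A')
        bad++;
    free(small);
    return bad;
}

int main(void)
{
    int m = count_bad_malloc(), r = count_bad_realloc();
    printf("malloc: %d bad, realloc: %d bad\n", m, r);
    return (m || r) ? 1 : 0;
}
```

Both counts are 0 on an allocator that rejects oversized requests; a non-zero count means a block smaller than requested was handed out.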
Fixed upstream in 2.27

Fix added to gentoo/2.26 branch, will be in patchlevel 6

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-02-08 23:49:40 +0000

    sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)

    10 test failures need investigating:
    ===
    FAIL: elf/tst-prelink-cmp
    XPASS: elf/tst-protected1a
    XPASS: elf/tst-protected1b
    FAIL: malloc/tst-malloc-tcache-leak
    FAIL: math/test-float128-finite-tgamma
    FAIL: math/test-float128-finite-trunc
    FAIL: math/test-float128-tgamma
    FAIL: math/test-float128-trunc
    FAIL: math/test-ifloat128-tgamma
    FAIL: math/test-ifloat128-trunc
    FAIL: misc/tst-ttyname
    UNSUPPORTED: nptl/test-cond-printers
    UNSUPPORTED: nptl/test-condattr-printers
    UNSUPPORTED: nptl/test-mutex-printers
    UNSUPPORTED: nptl/test-mutexattr-printers
    UNSUPPORTED: nptl/test-rwlock-printers
    UNSUPPORTED: nptl/test-rwlockattr-printers
    FAIL: nss/tst-nss-files-hosts-multi
    Summary of test results:
         10 FAIL
       4113 PASS
          6 UNSUPPORTED
         29 XFAIL
          2 XPASS
    ===

    Bug: https://bugs.gentoo.org/646492
    Bug: https://bugs.gentoo.org/646490
    Bug: https://bugs.gentoo.org/641644
    Bug: https://bugs.gentoo.org/644278
    Package-Manager: Portage-2.3.21, Repoman-2.3.6

 sys-libs/glibc/Manifest             | 1 +
 sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
 2 files changed, 837 insertions(+)
Fix added to gentoo/2.25 branch, will be in patchlevel 14
Per conversation with dilfridge on IRC this is ready to be called for stable. exp arches CC'ed due to the importance of glibc, but will not hold up further sec actions. @arches, please stabilize.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae8b946adf706854d33983c35fc76b12f11c9391

commit ae8b946adf706854d33983c35fc76b12f11c9391
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-29 00:38:20 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-29 00:38:20 +0000

    sys-libs/glibc: amd64 stable

    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.26, Repoman-2.3.7

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
ia64 stable
arm64 stable
ppc64 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15068b1c791ece90bbc739feb13044c351fd3710

commit 15068b1c791ece90bbc739feb13044c351fd3710
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-03-31 08:29:51 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-03-31 10:04:42 +0000

    sys-libs/glibc: stable 2.25-r11 for sparc

    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Stable on alpha.
ppc stable
This issue was resolved and addressed in GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02 by GLSA coordinator Aaron Bauman (b-man).
Re-opened for arches to finish stabilization.
arm stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d75dc07b2077a4d73f731b8cf5290a326bb5ecce

commit d75dc07b2077a4d73f731b8cf5290a326bb5ecce
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-13 19:56:05 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-13 20:07:37 +0000

    sys-libs/glibc: stable 2.25-r11 for hppa

    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="hppa"

 sys-libs/glibc/glibc-2.25-r11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
@security: all supported arches are done.
(In reply to Andreas K. Hüttel from comment #17)
> @security: all supported arches are done.

Thanks. We just need to mask or remove the vulnerable.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be27313d300d7e9ccc87654551edc7398a474f1b

commit be27313d300d7e9ccc87654551edc7398a474f1b
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-04-28 21:23:20 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-04-28 21:23:48 +0000

    sys-libs/glibc: Drop vulnerable version, bug 646492

    This removes last stable on m68k, sh, s390 (we're way beyond any
    timeout there).

    Bug: https://bugs.gentoo.org/646492
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 sys-libs/glibc/Manifest              | 1 -
 sys-libs/glibc/glibc-2.25-r10.ebuild | 153 -----------------------------------
 2 files changed, 154 deletions(-)

commit 40259e04ced6e79108fb80cf24819c4bf31f394b
Author: Mike Frysinger <vapier@gentoo.org>
Date:   Tue May 22 10:35:41 2018 -0400

    sys-libs/glibc: mark 2.23-r4/2.25-r11 m68k/s390/sh stable