Bug 758359 (CVE-2020-29562, CVE-2020-29573) - <sys-libs/glibc-2.32-r5: Multiple vulnerabilities (CVE-2020-{29562,29573})
Summary: <sys-libs/glibc-2.32-r5: Multiple vulnerabilities (CVE-2020-{29562,29573})
Status: RESOLVED FIXED
Alias: CVE-2020-29562, CVE-2020-29573
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: 766650
Blocks:
Reported: 2020-12-04 07:52 UTC by Sam James
Modified: 2021-02-25 19:04 UTC
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-04 07:52:45 UTC
Description:
"The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-04 07:53:59 UTC
Not clear if this is in a patchset yet or not. It may be worth including bug 756316 (not a security bug)'s patch too while rolling a new one.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-06 01:09:22 UTC
* CVE-2020-29573

Description:
"sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf."

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
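
Added example (not part of this bug report and not glibc's patch): a byte-level check that classifies a serialized x87 80-bit long double and flags non-canonical encodings such as the pattern quoted in the CVE-2020-29573 description, so untrusted values can be rejected before they reach a printf-family call. The function and enum names are hypothetical; the encoding classes follow the x87 extended-precision format.

```c
#include <stdint.h>
#include <stdio.h>

/* Classes of x87 80-bit extended-precision encodings (little-endian bytes). */
enum ldbl_class {
    LDBL_OK,               /* zero, denormal, normal, infinity or NaN */
    LDBL_PSEUDO_DENORMAL,  /* exponent 0 but integer bit set */
    LDBL_UNNORMAL,         /* exponent 1..0x7ffe but integer bit clear */
    LDBL_PSEUDO_INF_NAN    /* exponent 0x7fff but integer bit clear */
};

/* Classify 10 raw bytes: bytes 0-7 hold the 64-bit significand (bit 63 is the
   explicit integer bit), bytes 8-9 hold the 15-bit exponent plus sign. */
enum ldbl_class classify_x87_ldbl(const unsigned char b[10])
{
    uint64_t sig = 0;
    for (int i = 7; i >= 0; i--)
        sig = (sig << 8) | b[i];
    unsigned biased_exp = (((unsigned)b[9] << 8) | b[8]) & 0x7fffu;
    int integer_bit = (int)(sig >> 63);

    if (biased_exp == 0)
        return integer_bit ? LDBL_PSEUDO_DENORMAL : LDBL_OK;
    if (biased_exp == 0x7fffu)
        return integer_bit ? LDBL_OK : LDBL_PSEUDO_INF_NAN;
    return integer_bit ? LDBL_OK : LDBL_UNNORMAL;
}

/* Gate for untrusted serialized values: nonzero only for canonical encodings. */
int ldbl_is_canonical(const unsigned char b[10])
{
    return classify_x87_ldbl(b) == LDBL_OK;
}

int main(void)
{
    /* The byte pattern quoted in the CVE description above. */
    static const unsigned char cve_bytes[10] =
        { 0x00, 0x04, 0, 0, 0, 0, 0, 0, 0x00, 0x04 };
    /* Constructed sample: 1.0L (significand 0x8000000000000000, exp 0x3fff). */
    static const unsigned char one[10] =
        { 0, 0, 0, 0, 0, 0, 0, 0x80, 0xff, 0x3f };

    printf("CVE pattern class: %d\n", classify_x87_ldbl(cve_bytes));
    printf("1.0L canonical:    %d\n", ldbl_is_canonical(one));
    return 0;
}
```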
Comment 3 Larry the Git Cow gentoo-dev 2020-12-08 08:30:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f98d2b1f32c99392b6a7bea550732c0585d1fea8

commit f98d2b1f32c99392b6a7bea550732c0585d1fea8
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-12-08 07:53:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-12-08 08:30:49 +0000

    sys-libs/glibc: 2.32: cut 4 patchset
    
    Three new patches:
    - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
    - x86: Harden printf against non-normal long double values (bug 26649)
    - x86: Fix THREAD_SELF definition to avoid ld.so crash (bug 27004)
    
    Should fix CVE-2020-29562, CVE-2020-29573 and another gcc-11 compatibility.
    
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.32-r5.ebuild | 1513 +++++++++++++++++++++++++++++++++++
 2 files changed, 1514 insertions(+)

Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-14 01:04:03 UTC
Thank you! Let us know when ready to stable.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-01-25 00:06:04 UTC
This issue was resolved and addressed in
 GLSA 202101-20 at https://security.gentoo.org/glsa/202101-20
by GLSA coordinator Aaron Bauman (b-man).
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2021-01-25 00:06:41 UTC
re-opened for final arches and masking
Comment 7 Larry the Git Cow gentoo-dev 2021-02-25 18:17:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83d1238d25598dadbf06e3efe61619dbd934c77f

commit 83d1238d25598dadbf06e3efe61619dbd934c77f
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-02-25 18:17:02 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-02-25 18:17:45 +0000

    sys-libs/glibc: Remove old
    
    Bug: https://bugs.gentoo.org/758359
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    2 -
 sys-libs/glibc/glibc-2.32-r2.ebuild | 1521 -----------------------------------
 sys-libs/glibc/glibc-2.32-r3.ebuild | 1513 ----------------------------------
 sys-libs/glibc/glibc-2.32-r5.ebuild | 1513 ----------------------------------
 4 files changed, 4549 deletions(-)
Comment 8 Andreas K. Hüttel archtester gentoo-dev 2021-02-25 18:18:40 UTC
Cleanup done. Toolchain out.
Comment 9 NATTkA bot gentoo-dev 2021-02-25 18:20:55 UTC
Unable to check for sanity:

> no match for package: sys-libs/glibc-2.32-r5
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-25 19:04:09 UTC
GLSA done, tree clean. All done.