Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 807935 (CVE-2021-38604) - <sys-libs/glibc-2.33-r7: NULL pointer dereference (CVE-2021-38604)
Summary: <sys-libs/glibc-2.33-r7: NULL pointer dereference (CVE-2021-38604)
Status: IN_PROGRESS
Alias: CVE-2021-38604
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: B4 [glsa? cleanup]
Keywords:
Depends on: libxcrypt-stable
Blocks:
  Show dependency tree
 
Reported: 2021-08-12 23:46 UTC by John Helmert III
Modified: 2022-01-05 05:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-12 23:46:32 UTC
CVE-2021-38604:

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 03:37:00 UTC
We're waiting for news on a backport.
Comment 2 Larry the Git Cow gentoo-dev 2021-08-18 18:01:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7fb14f0b1a2d1e590437487be9a6a2c278aafd60

commit 7fb14f0b1a2d1e590437487be9a6a2c278aafd60
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-08-18 18:00:28 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-08-18 18:01:02 +0000

    sys-libs/glibc: Bump 2.34 patchlevel to 2 (unkeyworded)
    
    Bug: https://bugs.gentoo.org/807935
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest          | 2 +-
 sys-libs/glibc/glibc-2.34.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c150cdb5bc5d9fc84079cc764957b7823c3bf43

commit 8c150cdb5bc5d9fc84079cc764957b7823c3bf43
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-08-18 17:56:02 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-08-18 18:00:55 +0000

    sys-libs/glibc: 2.33 revision/patchlevel 6 bump
    
    Bug: https://bugs.gentoo.org/807935
    Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.33-r7.ebuild | 1551 +++++++++++++++++++++++++++++++++++
 2 files changed, 1552 insertions(+)