Bug 608706 (CVE-2016-6323) - <sys-libs/glibc-2.23-r3: Missing unwind info in __startcontext causes infinite loop in _Unwind_Backtrace
Status: RESOLVED FIXED
Alias: CVE-2016-6323
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://sourceware.org/ml/libc-alpha/...
Whiteboard: A3 [glsa cve glsa blocked]
Keywords:
Depends on: CVE-2017-1000366
Blocks:
 
Reported: 2017-02-09 09:13 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-06-20 17:55 UTC

See Also:
Package list:
Runtime testing required: ---


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-09 09:13:02 UTC
CVE-2016-6323

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-09 09:14:45 UTC
@ Maintainer(s): The vulnerability is fixed in >=sys-libs/glibc-2.25. Please bump the package and tell us if you plan to backport the fix.
Comment 2 SpanKY gentoo-dev 2017-02-09 10:36:49 UTC
This fix I had cherry-picked into the first 2.24 patchset already.
Comment 3 Matthias Maier gentoo-dev 2017-06-11 16:35:33 UTC
The fix already made it into Patchset 5 for glibc 2.23.
Comment 4 Matthias Maier gentoo-dev 2017-06-19 16:30:55 UTC
commit aa57c4a8ee21fa208a21388c1291260c1dd8c389
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Thu Jun 8 11:20:38 2017 -0500

    profiles: Mask all glibc versions older than 2.23
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2017-06-20 17:55:34 UTC
This issue was resolved and addressed in GLSA 201706-19 at https://security.gentoo.org/glsa/201706-19 by GLSA coordinator Thomas Deutschmann (whissi).