Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 646490 (CVE-2018-6485) - <sys-libs/glibc-{2.25-r11,2.26-r6}: Integer overflow vulnerability in memalign functions
Summary: <sys-libs/glibc-{2.25-r11,2.26-r6}: Integer overflow vulnerability in memalig...
Alias: CVE-2018-6485
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: CVE-2018-6551
  Show dependency tree
Reported: 2018-02-03 15:07 UTC by GLSAMaker/CVETool Bot
Modified: 2018-04-04 01:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-03 15:07:06 UTC
CVE-2018-6485 (
  An integer overflow in the implementation of the posix_memalign in memalign
  functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could
  cause these functions to return a pointer to a heap area that is too small,
  potentially leading to heap corruption.

@Maintainers please call for stabilization when ready, thank you
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2018-02-08 21:59:37 UTC
Fixed upstream in 2.27
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2018-02-08 22:07:32 UTC
Fix added to gentoo/2.26 branch, will be in patchlevel 6
Comment 3 Larry the Git Cow gentoo-dev 2018-02-08 23:50:00 UTC
The bug has been referenced in the following commit(s):

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author:     Andreas K. Hüttel <>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit:     Andreas K. Hüttel <>
CommitDate: 2018-02-08 23:49:40 +0000

    sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)
    10 test failures need investigating:
    FAIL: elf/tst-prelink-cmp
    XPASS: elf/tst-protected1a
    XPASS: elf/tst-protected1b
    FAIL: malloc/tst-malloc-tcache-leak
    FAIL: math/test-float128-finite-tgamma
    FAIL: math/test-float128-finite-trunc
    FAIL: math/test-float128-tgamma
    FAIL: math/test-float128-trunc
    FAIL: math/test-ifloat128-tgamma
    FAIL: math/test-ifloat128-trunc
    FAIL: misc/tst-ttyname
    UNSUPPORTED: nptl/test-cond-printers
    UNSUPPORTED: nptl/test-condattr-printers
    UNSUPPORTED: nptl/test-mutex-printers
    UNSUPPORTED: nptl/test-mutexattr-printers
    UNSUPPORTED: nptl/test-rwlock-printers
    UNSUPPORTED: nptl/test-rwlockattr-printers
    FAIL: nss/tst-nss-files-hosts-multi
    Summary of test results:
         10 FAIL
       4113 PASS
          6 UNSUPPORTED
         29 XFAIL
          2 XPASS
    Package-Manager: Portage-2.3.21, Repoman-2.3.6

 sys-libs/glibc/Manifest             |   1 +
 sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
 2 files changed, 837 insertions(+)}
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2018-02-09 22:35:24 UTC
Fix added to gentoo/2.25 branch, will be in patchlevel 14
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-04-04 01:55:49 UTC
This issue was resolved and addressed in
 GLSA 201804-02 at
by GLSA coordinator Aaron Bauman (b-man).