Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 758359 (CVE-2020-29562, CVE-2020-29573) - <sys-libs/glibc-2.32-r5: Multiple vulnerabilities (CVE-2020-{29562,29573})
Summary: <sys-libs/glibc-2.32-r5: Multiple vulnerabilities (CVE-2020-{29562,29573})
Status: RESOLVED FIXED
Alias: CVE-2020-29562, CVE-2020-29573
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: 766650
Blocks:
  Show dependency tree
 
Reported: 2020-12-04 07:52 UTC by Sam James
Modified: 2021-02-25 19:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-04 07:52:45 UTC
Description:
"The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-04 07:53:59 UTC
Not clear if this is in a patchset yet or not. It may be worth including bug 756316 (not a security bug)'s patch too while rolling a new one.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-06 01:09:22 UTC
* CVE-2020-29573

Description:
"sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf."

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
Comment 3 Larry the Git Cow gentoo-dev 2020-12-08 08:30:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f98d2b1f32c99392b6a7bea550732c0585d1fea8

commit f98d2b1f32c99392b6a7bea550732c0585d1fea8
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-12-08 07:53:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-12-08 08:30:49 +0000

    sys-libs/glibc: 2.32: cut 4 patchset
    
    Three new patches:
    - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
    - x86: Harden printf against non-normal long double values (bug 26649)
    - x86: Fix THREAD_SELF definition to avoid ld.so crash (bug 27004)
    
    Should fix CVE-2020-29562, CVE-2020-29573 and another gcc-11 compatibility.
    
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.32-r5.ebuild | 1513 +++++++++++++++++++++++++++++++++++
 2 files changed, 1514 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f98d2b1f32c99392b6a7bea550732c0585d1fea8

commit f98d2b1f32c99392b6a7bea550732c0585d1fea8
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-12-08 07:53:59 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-12-08 08:30:49 +0000

    sys-libs/glibc: 2.32: cut 4 patchset
    
    Three new patches:
    - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
    - x86: Harden printf against non-normal long double values (bug 26649)
    - x86: Fix THREAD_SELF definition to avoid ld.so crash (bug 27004)
    
    Should fix CVE-2020-29562, CVE-2020-29573 and another gcc-11 compatibility.
    
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Reported-by: Sam James
    Bug: https://bugs.gentoo.org/758359
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-libs/glibc/Manifest             |    1 +
 sys-libs/glibc/glibc-2.32-r5.ebuild | 1513 +++++++++++++++++++++++++++++++++++
 2 files changed, 1514 insertions(+)
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-12-14 01:04:03 UTC
Thank you! Let us know when ready to stable.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2021-01-25 00:06:04 UTC
This issue was resolved and addressed in
 GLSA 202101-20 at https://security.gentoo.org/glsa/202101-20
by GLSA coordinator Aaron Bauman (b-man).
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2021-01-25 00:06:41 UTC
re-opened for final arches and masking
Comment 7 Larry the Git Cow gentoo-dev 2021-02-25 18:17:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83d1238d25598dadbf06e3efe61619dbd934c77f

commit 83d1238d25598dadbf06e3efe61619dbd934c77f
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-02-25 18:17:02 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-02-25 18:17:45 +0000

    sys-libs/glibc: Remove old
    
    Bug: https://bugs.gentoo.org/758359
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    2 -
 sys-libs/glibc/glibc-2.32-r2.ebuild | 1521 -----------------------------------
 sys-libs/glibc/glibc-2.32-r3.ebuild | 1513 ----------------------------------
 sys-libs/glibc/glibc-2.32-r5.ebuild | 1513 ----------------------------------
 4 files changed, 4549 deletions(-)
Comment 8 Andreas K. Hüttel archtester gentoo-dev 2021-02-25 18:18:40 UTC
Cleanup done. Toolchain out.
Comment 9 NATTkA bot gentoo-dev 2021-02-25 18:20:55 UTC
Unable to check for sanity:

> no match for package: sys-libs/glibc-2.32-r5
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-25 19:04:09 UTC
GLSA done, tree clean. All done.