1) Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
See https://sourceware.org/bugzilla/show_bug.cgi?id=30842.

2) Potential use-after-free in getcanonname (CVE-2023-4806)
See https://sourceware.org/bugzilla/show_bug.cgi?id=30843.
commit 5e4787264d2ac33ff1718753e683122950fcf317
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Date:   Sat Sep 16 11:39:52 2023 +0200

    sys-libs/glibc: 2.37 and 2.38 patchset bumps, untested

    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Both re-keyworded as of now
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=029e12731f29676d3f6ebed09f7747ee6e15c5e8

commit 029e12731f29676d3f6ebed09f7747ee6e15c5e8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-04 08:02:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-04 08:02:41 +0000

    [ GLSA 202310-03 ] glibc: Multiple vulnerabilities

    Bug: https://bugs.gentoo.org/867952
    Bug: https://bugs.gentoo.org/914281
    Bug: https://bugs.gentoo.org/915127
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202310-03.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)