CVE-2023-5156: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

This seems to be the patch, doesn't seem like we have it?
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796
Seems there's a fix in 2.39: https://sourceware.org/pipermail/libc-announce/2024/000038.html
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1b3d5c5b8102daf085b27905a139c5e8c4c7d591

commit 1b3d5c5b8102daf085b27905a139c5e8c4c7d591
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-02 03:02:44 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-02 03:03:23 +0000

    [ GLSA 202402-01 ] glibc: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/918412
    Bug: https://bugs.gentoo.org/923352
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202402-01.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
We added it in 2.38-4 first (https://gitweb.gentoo.org/fork/glibc.git/commit/?h=gentoo/2.38&id=4239cf689516ca2bab013994feed150cffc9e4fa).
Oops, missed that this was backported into Gentoo a while ago, in particular in 2.37-8: https://gitweb.gentoo.org/fork/glibc.git/commit/?id=c75b76f8e1fb4ff0787ec408cb8f08b8a8f2e041