author | 2023-10-09 18:10:01 +0000 | |
---|---|---|
committer | 2023-10-09 20:34:39 +0200 | |
commit | b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0 (patch) | |
tree | a385d2645521381c592f464d4376bbf6a82d7449 /source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch | |
parent | 291a25cd423c9b040a72063e51134d95cdf4184e (diff) | |
download | current-b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0.tar.gz current-b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0.tar.xz |
Mon Oct 9 18:10:01 UTC 2023 20231009181001
a/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.2009-x86_64-1.txz: Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz: Upgraded.
l/glibc-2.38-x86_64-2.txz: Rebuilt.
These glibc packages are the exact ones that were previously in /testing.
A test mass rebuild was done here finding no new FTBFS, so I think these
are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz: Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz: Upgraded.
n/c-ares-1.20.0-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz: Upgraded.
n/whois-5.5.19-x86_64-1.txz: Upgraded.
Fixed English support for Japanese queries to not add again the /e argument
if it had already been provided by the user. (Closes: #1050171)
Added the .ye and .বাংলা (.xn--54b7fta0cc, Bangladesh) TLD servers.
Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
.الاردن (.xn--mgbayh7gpa, Jordan) and .澳門 (.xn--mix891f, Macao)
TLD servers.
Upgraded the TLD URLs to HTTPS whenever possible.
Updated the charset for whois.jprs.jp.
Removed 3 new gTLDs which are no longer active.
Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch')
-rw-r--r-- | source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch deleted file mode 100644 index 074317990..000000000 --- a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar <siddhesh@sourceware.org> -Date: Tue, 19 Sep 2023 18:39:32 -0400 -Subject: [PATCH] tunables: Terminate if end of input is reached - (CVE-2023-4911) - -The string parsing routine may end up writing beyond bounds of tunestr -if the input tunable string is malformed, of the form name=name=val. -This gets processed twice, first as name=name=val and next as name=val, -resulting in tunestr being name=name=val:name=val, thus overflowing -tunestr. - -Terminate the parsing loop at the first instance itself so that tunestr -does not overflow. - -Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> -Reviewed-by: Carlos O'Donell <carlos@redhat.com> ---- - NEWS | 5 +++++ - elf/dl-tunables.c | 17 +++++++++------- - - ---- ./NEWS.orig 2023-01-31 21:27:45.000000000 -0600 -+++ ./NEWS 2023-10-03 15:47:54.560781260 -0500 -@@ -28,6 +28,11 @@ - heap and prints it to the target log file, potentially revealing a - portion of the contents of the heap. - -+ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the -+ environment of a setuid program and NAME is valid, it may result in a -+ buffer overflow, which could be exploited to achieve escalated -+ privileges. This flaw was introduced in glibc 2.34. -+ - The following bugs are resolved with this release: - - [12154] network: Cannot resolve hosts which have wildcard aliases ---- ./elf/dl-tunables.c.orig 2023-01-31 21:27:45.000000000 -0600 -+++ ./elf/dl-tunables.c 2023-10-03 15:47:54.560781260 -0500 -@@ -187,11 +187,7 @@ - /* If we reach the end of the string before getting a valid name-value - pair, bail out. */ - if (p[len] == '\0') -- { -- if (__libc_enable_secure) -- tunestr[off] = '\0'; -- return; -- } -+ break; - - /* We did not find a valid name-value pair before encountering the - colon. 
*/ -@@ -251,9 +247,16 @@ - } - } - -- if (p[len] != '\0') -- p += len + 1; -+ /* We reached the end while processing the tunable string. */ -+ if (p[len] == '\0') -+ break; -+ -+ p += len + 1; - } -+ -+ /* Terminate tunestr before we leave. */ -+ if (__libc_enable_secure) -+ tunestr[off] = '\0'; - } - #endif - |
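Review bot: the commit message does not say where the rebuilt glibc-2.38 packages get their CVE-2023-4911 fix once source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch is deleted. The NEWS text inside the removed patch states the flaw was introduced in glibc 2.34, so a 2.38 build is in the affected range unless it carries the fix from somewhere else. The diffstat shown here is limited to this one file, so it cannot be confirmed from this view that the elf/dl-tunables.c change (the loop `break` on `p[len] == '\0'` and the `tunestr[off] = '\0'` termination after the loop) is still applied. Suggest adding a line under the l/glibc-2.38-x86_64-2.txz entry naming the replacement patch or stating that the source tree already includes the fix, so the removal of a security patch is auditable from the changelog alone.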