diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2021-08-07 19:04:04 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2021-08-08 00:01:02 +0200 |
| commit | 667b86aaab3e72c3c6a80e2b7dcbe2da39c89d71 (patch) | |
| tree | 12041cb9dbd5f1f91ee2c6d37a9987ba7f28bf17 /source/l/glibc/patches/CVE-2021-27645.patch | |
| parent | 295fdc80f2f76c209bec6289e8a8115cbc3867d8 (diff) | |
| download | current-667b86aaab3e72c3c6a80e2b7dcbe2da39c89d71.tar.gz current-667b86aaab3e72c3c6a80e2b7dcbe2da39c89d71.tar.xz | |
Sat Aug 7 19:04:04 UTC 202120210807190404
a/aaa_glibc-solibs-2.33-x86_64-3.txz: Rebuilt.
a/usbutils-014-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.4-x86_64-1.txz: Upgraded.
ap/nvme-cli-1.15-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-3.txz: Rebuilt.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle. But we'll backport the security
fixes from glibc-2.34 with this update:
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system. Reported by Chris Schanzle.
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The wordexp function may overflow the positional parameter number when
processing the expansion resulting in a crash. Reported by Philippe Antoine.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
(* Security fix *)
l/glibc-i18n-2.33-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-3.txz: Rebuilt.
l/liburing-2.0-x86_64-1.txz: Added.
This is needed by mariadb, and provides increased performance on high speed
devices such as NVMe.
n/dovecot-2.3.16-x86_64-1.txz: Upgraded.
xap/blueman-2.2.2-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/l/glibc/patches/CVE-2021-27645.patch')
| -rw-r--r-- | source/l/glibc/patches/CVE-2021-27645.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/source/l/glibc/patches/CVE-2021-27645.patch b/source/l/glibc/patches/CVE-2021-27645.patch new file mode 100644 index 000000000..c568dd16b --- /dev/null +++ b/source/l/glibc/patches/CVE-2021-27645.patch @@ -0,0 +1,20 @@ +--- ./nscd/netgroupcache.c.orig 2021-08-07 13:20:02.459057859 -0500 ++++ ./nscd/netgroupcache.c 2021-08-07 13:22:08.983060689 -0500 +@@ -248,7 +248,7 @@ + : NULL); + ndomain = (ndomain ? newbuf + ndomaindiff + : NULL); +- buffer = newbuf; ++ *tofreep = buffer = newbuf; + } + + nhost = memcpy (buffer + bufused, +@@ -319,7 +319,7 @@ + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) + { + buflen *= 2; +- buffer = xrealloc (buffer, buflen); ++ *tofreep = buffer = xrealloc (buffer, buflen); + } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND |