summaryrefslogtreecommitdiffstats
path: root/source/l/glibc
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-10-03 22:19:10 +0000
committer Eric Hameleers <alien@slackware.com>2023-10-04 01:08:21 +0200
commit7a2ee07f950f14ce482ae370d28b18de8fcbde69 (patch)
treeb1ff69f347e10c2054f5faa019944d89990d1596 /source/l/glibc
parentcb4e8726f423a41c65ca89c8b8346b0974417940 (diff)
downloadcurrent-7a2ee07f950f14ce482ae370d28b18de8fcbde69.tar.gz
current-7a2ee07f950f14ce482ae370d28b18de8fcbde69.tar.xz
Tue Oct 3 22:19:10 UTC 202320231003221910
a/aaa_glibc-solibs-2.37-x86_64-3.txz: Rebuilt. a/dialog-1.3_20231002-x86_64-1.txz: Upgraded. ap/mpg123-1.32.3-x86_64-1.txz: Upgraded. d/llvm-17.0.2-x86_64-1.txz: Upgraded. d/meson-1.2.2-x86_64-2.txz: Rebuilt. [PATCH] Revert rust: apply global, project, and environment C args to bindgen. This fixes building Mesa. Thanks to lucabon and marav. kde/calligra-3.2.1-x86_64-34.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/cantor-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kfilemetadata-5.110.0-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kile-2.9.93-x86_64-28.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/kitinerary-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/krita-5.1.5-x86_64-15.txz: Rebuilt. Recompiled against poppler-23.10.0. kde/okular-23.08.1-x86_64-2.txz: Rebuilt. Recompiled against poppler-23.10.0. l/glibc-2.37-x86_64-3.txz: Rebuilt. l/glibc-i18n-2.37-x86_64-3.txz: Rebuilt. Patched to fix the "Looney Tunables" vulnerability, a local privilege escalation in ld.so. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c. Thanks to Qualys Research Labs for reporting this issue. For more information, see: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.cve.org/CVERecord?id=CVE-2023-4911 (* Security fix *) l/glibc-profile-2.37-x86_64-3.txz: Rebuilt. l/mozilla-nss-3.94-x86_64-1.txz: Upgraded. l/poppler-23.10.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. n/NetworkManager-1.44.2-x86_64-1.txz: Upgraded. n/irssi-1.4.5-x86_64-1.txz: Upgraded. x/fcitx5-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-anthy-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-gtk-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-hangul-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-kkc-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-m17n-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-sayura-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-table-extra-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-table-other-5.1.0-x86_64-1.txz: Upgraded. x/fcitx5-unikey-5.1.1-x86_64-1.txz: Upgraded. x/libX11-1.8.7-x86_64-1.txz: Upgraded. This update fixes security issues: libX11: out-of-bounds memory access in _XkbReadKeySyms(). libX11: stack exhaustion from infinite recursion in PutSubImage(). libX11: integer overflow in XCreateImage() leading to a heap overflow. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43785 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://www.cve.org/CVERecord?id=CVE-2023-43787 (* Security fix *) x/libXpm-3.5.17-x86_64-1.txz: Upgraded. This update fixes security issues: libXpm: out of bounds read in XpmCreateXpmImageFromBuffer(). libXpm: out of bounds read on XPM with corrupted colormap. For more information, see: https://lists.x.org/archives/xorg-announce/2023-October/003424.html https://www.cve.org/CVERecord?id=CVE-2023-43788 https://www.cve.org/CVERecord?id=CVE-2023-43789 (* Security fix *) testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt. testing/packages/glibc-2.38-x86_64-2.txz: Rebuilt. Patched to fix the "Looney Tunables" vulnerability, a local privilege escalation in ld.so. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c. Thanks to Qualys Research Labs for reporting this issue. For more information, see: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.cve.org/CVERecord?id=CVE-2023-4911 (* Security fix *) testing/packages/glibc-i18n-2.38-x86_64-2.txz: Rebuilt. testing/packages/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
Diffstat (limited to 'source/l/glibc')
-rwxr-xr-xsource/l/glibc/glibc.SlackBuild2
-rw-r--r--source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch70
2 files changed, 71 insertions, 1 deletions
diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild
index f8ed0d813..bac317163 100755
--- a/source/l/glibc/glibc.SlackBuild
+++ b/source/l/glibc/glibc.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=glibc
VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# I was considering disabling NSCD, but MoZes talked me out of it. :)
#DISABLE_NSCD=" --disable-nscd "
diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
new file mode 100644
index 000000000..074317990
--- /dev/null
+++ b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch
@@ -0,0 +1,70 @@
+From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 19 Sep 2023 18:39:32 -0400
+Subject: [PATCH] tunables: Terminate if end of input is reached
+ (CVE-2023-4911)
+
+The string parsing routine may end up writing beyond bounds of tunestr
+if the input tunable string is malformed, of the form name=name=val.
+This gets processed twice, first as name=name=val and next as name=val,
+resulting in tunestr being name=name=val:name=val, thus overflowing
+tunestr.
+
+Terminate the parsing loop at the first instance itself so that tunestr
+does not overflow.
+
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ NEWS | 5 +++++
+ elf/dl-tunables.c | 17 +++++++++-------
+
+
+--- ./NEWS.orig 2023-01-31 21:27:45.000000000 -0600
++++ ./NEWS 2023-10-03 15:47:54.560781260 -0500
+@@ -28,6 +28,11 @@
+ heap and prints it to the target log file, potentially revealing a
+ portion of the contents of the heap.
+
++ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
++ environment of a setuid program and NAME is valid, it may result in a
++ buffer overflow, which could be exploited to achieve escalated
++ privileges. This flaw was introduced in glibc 2.34.
++
+ The following bugs are resolved with this release:
+
+ [12154] network: Cannot resolve hosts which have wildcard aliases
+--- ./elf/dl-tunables.c.orig 2023-01-31 21:27:45.000000000 -0600
++++ ./elf/dl-tunables.c 2023-10-03 15:47:54.560781260 -0500
+@@ -187,11 +187,7 @@
+ /* If we reach the end of the string before getting a valid name-value
+ pair, bail out. */
+ if (p[len] == '\0')
+- {
+- if (__libc_enable_secure)
+- tunestr[off] = '\0';
+- return;
+- }
++ break;
+
+ /* We did not find a valid name-value pair before encountering the
+ colon. */
+@@ -251,9 +247,16 @@
+ }
+ }
+
+- if (p[len] != '\0')
+- p += len + 1;
++ /* We reached the end while processing the tunable string. */
++ if (p[len] == '\0')
++ break;
++
++ p += len + 1;
+ }
++
++ /* Terminate tunestr before we leave. */
++ if (__libc_enable_secure)
++ tunestr[off] = '\0';
+ }
+ #endif
+