
Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications



* Moritz Mühlenhoff:

> On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
>> control: forcemerge 967938 969926
>> 
>> Hi,
>> 
>> On 2020-09-09 02:58, Bernd Zeimetz wrote:
>> > Source: glibc
>> > Version: 2.28-10
>> > Severity: serious
>> > Tags: security upstream patch
>> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>> > 
>> > Hi,
>> > 
>> > we are running into the bug
>> > https://sourceware.org/bugzilla/show_bug.cgi?id=20338
>> > causing systemd-sysusers to segfault.
>> > 
>> > Patch is available in the linked bug report.
>> 
>> This has already been reported, Florian will work on a backport, as it
>> is not straightforward to backport it to buster due to the usage of
>> private symbols.
>
> Florian, did you manage to backport this to 2.31? It would be nice to get this
> fixed for a Buster point release still.

Do you mean 2.28?  DJ Delorie did the backport, and Carlos O'Donell
implemented the GLIBC_PRIVATE ABI compatibility fix.  I'll see if I
can get the patches to apply to Debian's 2.28 tree.

