Re: [SECURITY] [DSA 149-1] New glibc packages fix security related problems



Wolfram Gloger wrote:
>>An integer overflow bug has been discovered in the RPC library used by
>>GNU libc, which is derived from the SunRPC library.  This bug could be
>>exploited to gain unauthorized root access to software linking to this
>>code.  The packages below also fix integer overflows in the malloc
>>code.  They also contain a fix from Andreas Schwab to reduce
>>linebuflen in parallel to bumping up the buffer pointer in the NSS DNS
>>code.
>>
>>This problem has been fixed in version 2.1.3-23 for the old stable
>>distribution (potato), in version 2.2.5-11.1 for the current stable
>>distribution (woody) and in version 2.2.5-13 for the unstable
>>distribution (sid).

> 2. glibc-2.2.5-13 does contain the xdr_array patch, but _not_ any new
>    malloc patch, unlike the statement in the advisory.

That's right. We are preparing to fix it in -14 soon.

> 3. Both 1. and 2. are _not so bad_ when it comes to the malloc issue,
>    however, because the malloc patch contained in
>    glibc-xdr-malloc-security.dpatch in 2.2.5-11.1 is _badly broken_.
>    It replaces the potential overflow with a much more likely division
>    by zero (elem_size can be zero!).  I would suggest that
>    glibc-xdr-malloc-security.dpatch is replaced by the appended file,
>    which contains the malloc CVS changes from the stable
>    glibc-2_2-branch, and fixes this issue, also with a performance
>    improvement.

Thanks, your patch seems good.

BTW, why do you say 'with a performance improvement'?
I wonder about this from looking at this patch and from the upstream
discussion (including you :).

-- gotom
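
The failure mode raised in point 3 of the quoted mail, as an added example that is not the dpatch or glibc's own code: an overflow check on n * elem_size written as a division traps when elem_size is zero, so the zero case has to be tested before dividing. All function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unguarded check: divides by elem_size, so elem_size == 0 is a
 * division by zero (undefined behaviour, typically SIGFPE). */
static int mul_overflows_unguarded(size_t n, size_t elem_size)
{
    return n > SIZE_MAX / elem_size;
}

/* Guarded check: a zero factor cannot overflow, so test it first.
 * On success the product is stored in *bytes and 0 is returned. */
static int mul_overflows(size_t n, size_t elem_size, size_t *bytes)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return 1;
    *bytes = n * elem_size;
    return 0;
}

/* Hypothetical calloc-style wrapper built on the guarded check. */
static void *checked_calloc(size_t n, size_t elem_size)
{
    size_t bytes;
    void *p;

    if (mul_overflows(n, elem_size, &bytes))
        return NULL;                 /* request would wrap around */
    p = malloc(bytes ? bytes : 1);   /* keep zero-size requests valid */
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    size_t bytes = 0;
    void *p = checked_calloc(4, 0);  /* zero element size: no trap */

    printf("unguarded, nonzero size: %d\n", mul_overflows_unguarded(SIZE_MAX, 2));
    printf("guarded, zero size: %d\n", mul_overflows(16, 0, &bytes));
    printf("wrapping request rejected: %d\n", checked_calloc(SIZE_MAX, 2) == NULL);
    free(p);
    return 0;
}
```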