
Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications



On Fri, Jun 04, 2021 at 08:34:50PM +0200, Florian Weimer wrote:
> * Moritz Mühlenhoff:
> 
> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> >> control: forcemerge 967938 969926
> >> 
> >> Hi,
> >> 
> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> >> > Source: glibc
> >> > Version: 2.28-10
> >> > Severity: serious
> >> > Tags: security upstream patch
> >> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> >> > 
> >> > Hi,
> >> > 
> >> > we are running into the bug
> >> > https://sourceware.org/bugzilla/show_bug.cgi?id=20338
> >> > causing systemd-sysusers to segfault.
> >> > 
> >> > Patch is available in the linked bug report.
> >> 
> >> This has already been reported, Florian will work on a backport, as it
> >> is not straightforward to backport it to buster due to the usage of
> >> private symbols.
> >
> > Florian, did you manage to backport this to 2.31? It would be nice to get this
> > fixed for a Buster point release still.
> 
> Do you mean 2.28?  DJ Delorie did the backport, and Carlos O'Donell
> implemented the GLIBC_PRIVATE ABI compatibility fix.  I'll see if I
> can get the patches to apply to Debian's 2.28 tree.

Yeah, sorry for the confusion. I meant Buster's 2.28.

Cheers,
        Moritz

