Bug 1007545 (CVE-2013-4332)

Summary: CVE-2013-4332 glibc: three integer overflows in memory allocator
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ashankar, codonell, fweimer, jakub, jkurik, law, mfranc, pfrankli, pfrields, schwab, spoyarek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-22 06:06:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1008298, 1008299, 1008310, 1011804, 1011805    
Bug Blocks: 974906, 1007547    

Description Vincent Danen 2013-09-12 18:06:03 UTC
Will Newton reported [1] three integer overflow flaws in the glibc memory allocator functions: pvalloc [2],[3], valloc [4],[5], and posix_memalign/memalign/assigned_alloc [6],[7].  These issues cause a large allocation size to wrap around and cause a wrong sized allocation and heap corruption.


[1] http://www.openwall.com/lists/oss-security/2013/09/11/2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=15855
[3] http://sourceware.org/git/?p=glibc.git;a=commit;h=1159a193696ad48ec86e5895f6dee3e539619c0e
[4] https://sourceware.org/bugzilla/show_bug.cgi?id=15856
[5] http://sourceware.org/git/?p=glibc.git;a=commit;h=55e17aadc1ef17a1df9626fb0e9fba290ece3331
[6] https://sourceware.org/bugzilla/show_bug.cgi?id=15857
[7] http://sourceware.org/git/?p=glibc.git;a=commit;h=b73ed247781d533628b681f57257dc85882645d3

Comment 2 Huzaifa S. Sidhpurwala 2013-09-16 06:06:23 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1008299]

Comment 4 Carlos O'Donell 2013-09-17 20:07:30 UTC
The glibc team is aware of this bug and will be backporting the upstream fixes.

Comment 7 Fedora Update System 2013-09-26 06:12:42 UTC
glibc-2.18-9.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-09-28 00:06:46 UTC
glibc-2.17-18.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 errata-xmlrpc 2013-10-08 16:24:45 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1411 https://rhn.redhat.com/errata/RHSA-2013-1411.html

Comment 10 errata-xmlrpc 2013-11-21 11:03:38 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1605 https://rhn.redhat.com/errata/RHSA-2013-1605.html