Bug 101691
| Summary: | CAN-2003-0689 Buffer overrun in getgrouplist function in initgroups.c | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Matt Seitz <mseitz> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.3 | CC: | fweimer |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | i386 | | |
| OS: | Linux | | |
| URL: | http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/grp/initgroups.c.diff?r1=1.28&r2=1.29&cvsroot=glibc | | |
| Whiteboard: | | | |
| Fixed In Version: | 2.2.5-44 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2003-11-14 00:23:50 UTC | Type: | --- |
Description
Matt Seitz
2003-08-05 16:30:52 UTC
Sorry, that should have said "getgrouplist", not "getgroupslist"

Changed summary to make searching easier:
- Removed quotation marks from getgrouplist
- Added initgroups.c

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2003-249.html

The errata mentioned in Comment #3 does not include a fix for Red Hat 7.3, the version I am using. So that errata does not solve my problem.

We're still working on this issue for RHL releases where upgrading glibc has some side effects.

Thank you for the update and continuing to work on this issue. Could the side effects be minimized by taking the existing glibc 2.2.5-43, adding the fix from "libc/grp/initgroups.c" rev. 1.29, and releasing a glibc 2.2.5-44?

I just saw that Red Hat has released a glibc 2.2.5-44 that claims to fix this problem. Thank you for following through on this.

We do not provide support for non-standard glibcs. If you want to do it you're on your own. No change which goes into an errata (especially for a release that old) is not needed. By leaving out changes you are doing something we don't regard as smart.

I'm sorry, I wasn't clear when I wrote comment #6. I did not want to compile my own "glibc". Rather, I was suggesting how Red Hat could release an errata for 7.3 with a minimum of changes. Red Hat has since released an official errata, RHSA-2003:325-10 (https://rhn.redhat.com/errata/RHSA-2003-325.html), which fixes the problem. I now use that version. I appreciate Red Hat releasing an official fix for 7.3 before it reaches End of Life.