Bug 1383297 (CVE-2016-6323)

Summary: CVE-2016-6323 glibc: Missing unwind info in __startcontext causes infinite loop in _Unwind_Backtrace
Product: [Other] Security Response
Component: vulnerability
Reporter: Adam Mariš <amaris>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: arjun.is, ashankar, codonell, dj, fweimer, jakub, law, mfabian, mnewsome, pfrankli, sardella, siddhesh, tcallawa
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: glibc 2.25
Last Closed: 2016-10-10 11:57:17 UTC
Bug Depends On: 1383298, 1383311
Bug Blocks: 1383299

Description Adam Mariš 2016-10-10 11:36:07 UTC
Missing unwind info in __startcontext was found, which can lead to an infinite loop in _Unwind_Backtrace. Generating a stack trace in application code compiled with gccgo can trigger this, causing the affected process to hang instead of producing an error message.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Comment 1 Adam Mariš 2016-10-10 11:36:40 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1383298]

Comment 2 Adam Mariš 2016-10-10 11:57:17 UTC
Affects only ARM EABI (32-bit) platforms.

Comment 3 Adam Mariš 2016-10-10 11:59:47 UTC
Created glibc-arm-linux-gnu tracking bugs for this issue:

Affects: fedora-all [bug 1383311]