Bug 1542119 (CVE-2018-6551)

Summary: CVE-2018-6551 glibc: integer overflow in malloc functions
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aoliva, arjun.is, ashankar, codonell, dj, fweimer, glibc-bugzilla, law, mfabian, mnewsome, pfrankli, siddhesh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: glibc 2.27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-22 14:56:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1548031, 1548035, 1548036    
Bug Blocks: 1542106    

Description Laura Pardo 2018-02-05 15:41:32 UTC 
A flaw was found in glibc. In 2.24, MALLOC_ALIGNMENT was increased on ppc, which led to an integer overflow in _int_malloc. In 2.26, MALLOC_ALIGNMENT was increased on i386 as well, causing the same integer overflow to occur on i386 also. These overflows affect malloc as well as aligned memory allocation functions in cases where the requested alignment is small enough to internally use _int_malloc.


References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22774

Patch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
Comment 7 Pedro YĆ³ssis Silva Barbosa 2018-02-22 15:21:01 UTC 
Statement:

This issue did not affect the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, 6, and 7.