| Summary: | CVE-2019-1010022 glibc: stack guard protection bypass | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aoliva, arjun.is, ashankar, codonell, dj, fweimer, glibc-bugzilla, huzaifas, law, mfabian, mnewsome, pfrankli, rth, siddhesh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-08-23 04:03:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1546607, 1731965 | ||
| Bug Blocks: | 1731971 | ||
|
Description
msiddiqu
2019-07-22 12:43:35 UTC
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1731965] As per upstream (https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c1), this is a known flaw in the way stack canaries are implemented in by glibc. Proposed solutions include moving the TCB structure away from the stack and/or generating a new canary for each new thread, both of these changes are intrusive since they have an impact on the core structures and algorithms. Red Hat packages may be updated, once patches land upstream. This flaw has been marked as having Moderate impact because stack canaries are essentially a post-attack mitigation. Therefore this is not really a security flaw in glibc. |