Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1542119 - (CVE-2018-6551) CVE-2018-6551 glibc: integer overflow in malloc functions
CVE-2018-6551 glibc: integer overflow in malloc functions
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20180202,repor...
: Security
Depends On: 1548031 1548035 1548036
Blocks: 1542106
  Show dependency treegraph
 
Reported: 2018-02-05 10:41 EST by Laura Pardo
Modified: 2018-02-22 10:22 EST (History)
12 users (show)

See Also:
Fixed In Version: glibc 2.27
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-02-22 09:56:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Laura Pardo 2018-02-05 10:41:32 EST 
A flaw was found in glibc. In 2.24, MALLOC_ALIGNMENT was increased on ppc, which led to an integer overflow in _int_malloc. In 2.26, MALLOC_ALIGNMENT was increased on i386 as well, causing the same integer overflow to occur on i386 also. These overflows affect malloc as well as aligned memory allocation functions in cases where the requested alignment is small enough to internally use _int_malloc.


References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22774

Patch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
Comment 7 Pedro Yóssis Silva Barbosa 2018-02-22 10:21:01 EST 
Statement:

This issue did not affect the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.