Bug 797096 - glibc: unbound alloca use in glob_in_dir
Summary: glibc: unbound alloca use in glob_in_dir
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: glibc
Version: 5.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Jeff Law
QA Contact: qe-baseos-tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-24 09:25 UTC by Tomas Hoger
Modified: 2015-01-28 15:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Subset of RHEL 6.3 BZ 797094, RHEL 5.9 update doesn't affect nscd.
Clone Of:
Environment:
Last Closed: 2013-01-08 03:46:12 UTC
Target Upstream Version:


Attachments (Terms of Use)
Patch part#1 (18.69 KB, patch)
2012-05-11 03:46 UTC, Jeff Law
no flags Details | Diff
Patch part #2 (19.20 KB, patch)
2012-05-11 03:47 UTC, Jeff Law
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0022 normal SHIPPED_LIVE glibc bug fix and enhancement update 2013-01-08 08:38:20 UTC

Description Tomas Hoger 2012-02-24 09:25:11 UTC
+++ This bug was initially created as a clone of Bug #797094 +++

Description of problem:
Upstream has fixed couple of unbound alloca uses which can lead to program crashes if excessively long inputs are passed to certain functions.

RHEL-5 glibc version does not seem to have affected nscd_getserv_r, but the glob and getaddrinfo issues should apply.

Comment 1 RHEL Program Management 2012-04-02 13:09:29 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 3 Jeff Law 2012-05-11 03:46:41 UTC
Created attachment 583711 [details]
Patch part#1

Comment 4 Jeff Law 2012-05-11 03:47:07 UTC
Created attachment 583712 [details]
Patch part #2

Comment 7 Patsy Griffin 2012-06-12 02:43:47 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Same as RHEL 6.3 BZ 797094

Comment 8 Jeff Law 2012-06-12 17:01:24 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1 @@
-Same as RHEL 6.3 BZ 797094+Subset of RHEL 6.3 BZ 797094, RHEL 5.9 update doesn't affect nscd.

Comment 10 errata-xmlrpc 2013-01-08 03:46:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0022.html


Note You need to log in before you can comment on or make changes to this bug.