From patchwork Tue Jan 30 18:40:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arjun Shankar X-Patchwork-Id: 1893079 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DdFMrcAF; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TPYtR4x3Wz23gZ for ; Wed, 31 Jan 2024 05:42:07 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8B26E3857356 for ; Tue, 30 Jan 2024 18:42:05 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id AD8FC385770C for ; Tue, 30 Jan 2024 18:41:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AD8FC385770C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AD8FC385770C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706640062; cv=none; b=UiI4LlFXH3xhLBWpKNrxHjSYkM0UwkpaYw5QrVz1F2orfw00n9OsxxcaufqHxwoyPrmeCtVVAG+J1LtavpNtmS0a4x7nOGG7P6o1GW3I9wmwqDuQseT8fIWpkio5gVVr7aDhfbmX82ndGo6518M1KGCHLO7zcQ/LAmjhU/cLQvc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706640062; c=relaxed/simple; bh=0GNt57OGKjFbNADoZWxbpn1WGKkBLoKwLoitpxxseX0=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=sg7tYDeWN2GBBy9fPRkjWDrKQksV9W+V0jiSuYyPUEiymdQpZ4Z3ynkZcpnahBggpTqXxR9XuFzSUUXXaBCASy2jqop4ssWkqf7SrfXbdTTuaTkQI7LYdaVyMI3+sr6EXmqSldx/0QVrTMNOUhffSMAWrmhLbUygI6RMBckt9K0= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1706640060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BTaG4FFYfxAW4YjSCnlAyn5AarqcrJDLpakOPRLStvI=; b=DdFMrcAFoMwSP/XWPYC661YwpUH+pkZKromo8btnIjZNTDMaGLEcPmRaCpsyYyRi03yg4Q FMmS267SeaFrHpygxBqXIOs61GtA22roIdih1kiNvIHGijjUia0bHMkut4ubxeseZXWwLR LJVyM9ddKqH6Hiyhgo55Js8GBlDSXwU= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-641-tFeT8FjENTaDTKKim8oc-g-1; Tue, 30 Jan 2024 13:40:58 -0500 X-MC-Unique: tFeT8FjENTaDTKKim8oc-g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7AF4A1C0512C for ; Tue, 30 Jan 2024 18:40:58 +0000 (UTC) Received: from x1carbon9g.. (dhcp129-93.brq.redhat.com [10.34.129.93]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 054E42026D66; Tue, 30 Jan 2024 18:40:57 +0000 (UTC) From: Arjun Shankar To: libc-alpha@sourceware.org Cc: Arjun Shankar Subject: [COMMITTED 4/4] Document CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780 Date: Tue, 30 Jan 2024 19:40:44 +0100 Message-ID: <20240130184045.511720-4-arjun@redhat.com> In-Reply-To: <20240130184045.511720-1-arjun@redhat.com> References: <20240130184045.511720-1-arjun@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_LOTSOFHASH, KAM_NUMSUBJECT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org This commit adds "advisories" entries for the above three CVEs. --- advisories/GLIBC-SA-2024-0001 | 15 +++++++++++++++ advisories/GLIBC-SA-2024-0002 | 15 +++++++++++++++ advisories/GLIBC-SA-2024-0003 | 13 +++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 advisories/GLIBC-SA-2024-0001 create mode 100644 advisories/GLIBC-SA-2024-0002 create mode 100644 advisories/GLIBC-SA-2024-0003 diff --git a/advisories/GLIBC-SA-2024-0001 b/advisories/GLIBC-SA-2024-0001 new file mode 100644 index 0000000000..28931c75ae --- /dev/null +++ b/advisories/GLIBC-SA-2024-0001 @@ -0,0 +1,15 @@ +syslog: Heap buffer overflow in __vsyslog_internal + +__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER +containing a long program name failed to update the required buffer +size, leading to the allocation and overflow of a too-small buffer on +the heap. + +CVE-Id: CVE-2023-6246 +Public-Date: 2024-01-30 +Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) +Fix-Commit: 6bd0e4efcc78f3c0115e5ea9739a1642807450da (2.39) +Fix-Commit: 23514c72b780f3da097ecf33a793b7ba9c2070d2 (2.38-42) +Fix-Commit: 97a4292aa4a2642e251472b878d0ec4c46a0e59a (2.37-57) +Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) +Fix-Commit: d1a83b6767f68b3cb5b4b4ea2617254acd040c82 (2.36-126) diff --git a/advisories/GLIBC-SA-2024-0002 b/advisories/GLIBC-SA-2024-0002 new file mode 100644 index 0000000000..940bfcf2fc --- /dev/null +++ b/advisories/GLIBC-SA-2024-0002 @@ -0,0 +1,15 @@ +syslog: Heap buffer overflow in __vsyslog_internal + +__vsyslog_internal used the return value of snprintf/vsnprintf to +calculate buffer sizes for memory allocation. If these functions (for +any reason) failed and returned -1, the resulting buffer would be too +small to hold output. + +CVE-Id: CVE-2023-6779 +Public-Date: 2024-01-30 +Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) +Fix-Commit: 7e5a0c286da33159d47d0122007aac016f3e02cd (2.39) +Fix-Commit: d0338312aace5bbfef85e03055e1212dd0e49578 (2.38-43) +Fix-Commit: 67062eccd9a65d7fda9976a56aeaaf6c25a80214 (2.37-58) +Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) +Fix-Commit: 2bc9d7c002bdac38b5c2a3f11b78e309d7765b83 (2.36-127) diff --git a/advisories/GLIBC-SA-2024-0003 b/advisories/GLIBC-SA-2024-0003 new file mode 100644 index 0000000000..b43a5150ab --- /dev/null +++ b/advisories/GLIBC-SA-2024-0003 @@ -0,0 +1,13 @@ +syslog: Integer overflow in __vsyslog_internal + +__vsyslog_internal calculated a buffer size by adding two integers, but +did not first check if the addition would overflow. + +CVE-Id: CVE-2023-6780 +Public-Date: 2024-01-30 +Vulnerable-Commit: 52a5be0df411ef3ff45c10c7c308cb92993d15b1 (2.37) +Fix-Commit: ddf542da94caf97ff43cc2875c88749880b7259b (2.39) +Fix-Commit: d37c2b20a4787463d192b32041c3406c2bd91de0 (2.38-44) +Fix-Commit: 2b58cba076e912961ceaa5fa58588e4b10f791c0 (2.37-59) +Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16) +Fix-Commit: b9b7d6a27aa0632f334352fa400771115b3c69b7 (2.36-128)