Summary: | Parsing of /etc/gshadow can return bad pointers causing segfaults in applications | ||
---|---|---|---|
Product: | glibc | Reporter: | fedora.dm0 |
Component: | libc | Assignee: | Florian Weimer <fweimer> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | carlos, drepper.fsp, fedora.dm0, fweimer, howaboutsynergy, jasonvperrin, sam |
Priority: | P2 | Flags: | fweimer:
security-
|
Version: | 2.21 | ||
Target Milestone: | 2.32 | ||
See Also: |
https://github.com/systemd/systemd/issues/6512 https://bugzilla.redhat.com/show_bug.cgi?id=1793577 https://sourceware.org/bugzilla/show_bug.cgi?id=30151 |
||
Host: | Target: | ||
Build: | Last reconfirmed: | 2016-07-11 00:00:00 | |
Attachments: | gshadow: Sync fgetsgent_r.c with grp/fgetgrent_r.c |
Description
fedora.dm0
2016-07-08 14:44:55 UTC
Created attachment 9705 [details]
gshadow: Sync fgetsgent_r.c with grp/fgetgrent_r.c
Can this be applied to make it into the next release? This is affecting us too (specifically this bug, leading to https://github.com/systemd/systemd/issues/6512 in systemd, which then leads to https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1848614 when installing tomcat9 on Ubuntu bionic). Any updates on this, the patch attached, or anything we can do to help get the patch merged? Thanks for your work on glibc! Fixed for glibc 2.32 via: commit 2add4235ef674988948155f9a8f60a8c7b09bcff Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jul 16 17:31:20 2020 +0200 gshadow: Implement fgetsgent_r using __nss_fgetent_r (bug 20338) Tested-by: Carlos O'Donell <carlos@redhat.com> Reviewed-by: Carlos O'Donell <carlos@redhat.com> I'm flagging this as security- because the affected files contain trusted content. |