Romain Geissler reported that getaddrinfo can leak memory after the fix for bug 30843 (CVE-2023-4806) has been applied. Already fixed for glibc 2.39 via:

commit ec6b95c3303c700eb89eebeda2d7264cc184a796
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Since distributions have already started to backport the earlier fix, this needs a new CVE assignment for clear communication of the issue.
The master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fd134feba35fa839018965733b34d28a09a075dd

commit fd134feba35fa839018965733b34d28a09a075dd
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
The release/2.38/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ee59ca371b99984232d7584fe2b1a758b4421d3

commit 5ee59ca371b99984232d7584fe2b1a758b4421d3
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    This was assigned CVE-2023-5156.

    Resolves: BZ #30884
    Related: BZ #30842

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
The release/2.38/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f6445dc94da185b3d1ee283f0ca0a34c4e1986cc

commit f6445dc94da185b3d1ee283f0ca0a34c4e1986cc
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
The release/2.37/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4473d1b87d04b25cdd0e0354814eeaa421328268

commit 4473d1b87d04b25cdd0e0354814eeaa421328268
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    This was assigned CVE-2023-5156.

    Resolves: BZ #30884
    Related: BZ #30842

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
The release/2.37/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94ef70136587c40a357f775677997c753b3de56c

commit 94ef70136587c40a357f775677997c753b3de56c
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
The release/2.36/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=856bac55f98dc840e7c27cfa82262b933385de90

commit 856bac55f98dc840e7c27cfa82262b933385de90
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    This was assigned CVE-2023-5156.

    Resolves: BZ #30884
    Related: BZ #30842

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
The release/2.36/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32957eb6a86acdbeec9f38a60a7d5a0ff32db03d

commit 32957eb6a86acdbeec9f38a60a7d5a0ff32db03d
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
The release/2.35/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17092c0311f954e6f3c010f73ce3a78c24ac279a

commit 17092c0311f954e6f3c010f73ce3a78c24ac279a
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    This was assigned CVE-2023-5156.

    Resolves: BZ #30884
    Related: BZ #30842

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
The release/2.35/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=73d4ce728a59deb2fd18969e559769b3f590fac9

commit 73d4ce728a59deb2fd18969e559769b3f590fac9
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
The release/2.34/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8006457ab7e1cd556b919f477348a96fe88f2e49

commit 8006457ab7e1cd556b919f477348a96fe88f2e49
Author: Romain Geissler <romain.geissler@amadeus.com>
Date:   Mon Sep 25 01:21:51 2023 +0100

    Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]

    This patch fixes a very recently added leak in getaddrinfo.

    This was assigned CVE-2023-5156.

    Resolves: BZ #30884
    Related: BZ #30842

    Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
The release/2.34/master branch has been updated by Siddhesh Poyarekar <siddhesh@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3b99f8328939533a9b6ac93e8ae7285e90fbdab

commit c3b99f8328939533a9b6ac93e8ae7285e90fbdab
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Tue Sep 26 07:38:07 2023 -0400

    Document CVE-2023-4806 and CVE-2023-5156 in NEWS

    These are tracked in BZ #30884 and BZ #30843.

    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
Fixed all the way back to 2.34.