Bug 11223

Summary: glibc - integer overflow in pvalloc, valloc, and memalign (CVE-2013-4332)
Product: Mageia Reporter: Oden Eriksson <oe>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: tmb
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
Whiteboard:
Source RPM: glibc CVE:
Status comment:
Bug Depends on: 11059    
Bug Blocks:    
Attachments: patch from http://www.openwall.com/lists/oss-security/2013/09/12/6

Description Oden Eriksson 2013-09-13 09:06:35 CEST
http://www.openwall.com/lists/oss-security/2013/09/11/2

"Date: Wed, 11 Sep 2013 12:49:04 +0100
From: Will Newton <will.newton@...aro.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Three integer overflows in glibc memory allocator

Hi,

I recently discovered three integer overflow issues in the glibc
memory allocator functions pvalloc, valloc and
posix_memalign/memalign/aligned_alloc. These issues cause a large
allocation size to wrap around and cause a wrong sized allocation and
heap corruption. The issues are fixed in glibc mainline.

The relevant glibc bugzilla entries are here:

https://sourceware.org/bugzilla/show_bug.cgi?id=15855
https://sourceware.org/bugzilla/show_bug.cgi?id=15856
https://sourceware.org/bugzilla/show_bug.cgi?id=15857

Thanks,

-- 
Will Newton
Toolchain Working Group, Linaro"


CVE assignment:
http://www.openwall.com/lists/oss-security/2013/09/11/7

Patch from:
http://www.openwall.com/lists/oss-security/2013/09/12/6
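
The wrap-around described in the quoted advisory, as an added example that is not part of the original report and is not glibc's code: a simplified model of the size arithmetic a pvalloc- or memalign-style allocator performs, next to a guarded version that fails with ENOMEM before any addition can wrap. `PAGE_SZ`, `PAD`, and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ ((size_t)4096) /* assumed page size for the demo */
#define PAD     ((size_t)32)   /* assumed per-chunk bookkeeping overhead */

/* Unchecked: round a request up to a whole number of pages. For bytes
   within PAGE_SZ-1 of SIZE_MAX the addition wraps, so the "rounded"
   size comes out far smaller than what the caller asked for. */
size_t round_to_page_unchecked(size_t bytes)
{
    return (bytes + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
}

/* Checked: refuse any request that cannot absorb the rounding slack
   and bookkeeping without wrapping. Returns 0 and stores the rounded
   size, or returns ENOMEM and leaves *rounded untouched. */
int round_to_page_checked(size_t bytes, size_t *rounded)
{
    if (bytes > SIZE_MAX - 2 * PAGE_SZ - PAD)
        return ENOMEM;
    *rounded = (bytes + PAGE_SZ - 1) & ~(PAGE_SZ - 1);
    return 0;
}

/* memalign-style: the worst-case request is bytes + alignment + PAD.
   The first test keeps the subtraction in the second from underflowing. */
int padded_request_checked(size_t bytes, size_t alignment, size_t *total)
{
    if (alignment > SIZE_MAX - PAD || bytes > SIZE_MAX - alignment - PAD)
        return ENOMEM;
    *total = bytes + alignment + PAD;
    return 0;
}

int main(void)
{
    size_t huge = SIZE_MAX - 100, out = 0; /* constructed input */
    printf("unchecked: %zu -> %zu\n", huge, round_to_page_unchecked(huge));
    printf("checked huge: %s\n",
           round_to_page_checked(huge, &out) == ENOMEM ? "ENOMEM" : "ok");
    printf("checked 5000: rc=%d rounded=%zu\n",
           round_to_page_checked(5000, &out), out);
    return 0;
}
```

A caller that receives the wrapped size from the unchecked path gets a buffer much smaller than it believes it has, which is the wrong-sized allocation the advisory refers to.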


Comment 1 Oden Eriksson 2013-09-13 09:07:11 CEST
Created attachment 4350
patch from http://www.openwall.com/lists/oss-security/2013/09/12/6

David Walser 2013-09-13 16:24:58 CEST

Depends on: (none) => 11059
Summary: CVE-2013-4332: glibc - integer overflow in pvalloc, valloc, and memalign => glibc - integer overflow in pvalloc, valloc, and memalign (CVE-2013-4332)

Comment 2 Thomas Backlund 2013-10-06 21:11:49 CEST
This fix is tracked/fixed in:
https://bugs.mageia.org/show_bug.cgi?id=11059

*** This bug has been marked as a duplicate of bug 11059 ***

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => DUPLICATE