Bug 24279

Summary: Glibc 2 security issues, CVE-2016-10739 and CVE-2019-6488
Product: Mageia Reporter: Stig-Ørjan Smelror <smelror>
Component: SecurityAssignee: Base system maintainers <basesystem>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, tmb
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: glibc-2.28-28.mga7.src.rpm CVE: CVE-2016-10739 CVE-2019-6488
Status comment:
Bug Depends on:    
Bug Blocks: 23912    

Description Stig-Ørjan Smelror 2019-02-01 10:57:54 CET 
Announced on the GLIBC mailing list.

https://sourceware.org/ml/libc-announce/2019/msg00000.html

  CVE-2019-6488: On x32, the size_t parameter may be passed in the lower
  32 bits of a 64-bit register with with non-zero upper 32 bit.  When it
  happened, accessing the 32-bit size_t value as the full 64-bit
  register in the assembly string/memory functions would cause a buffer
  overflow.
  Reported by H.J. Lu.

  CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
  addresses with arbitrary trailing characters, potentially leading to
  data or command injection issues in applications.

CVE-2018-19591 has already been merged in our version.

Fixed in version 2.29.
Stig-Ørjan Smelror 2019-02-01 10:58:28 CET

CVE: (none) => CVE-2016-10739 CVE-2019-6488

David Walser 2019-02-01 17:51:44 CET

Whiteboard: (none) => MGA6TOO
Blocks: (none) => 23912

Comment 1 Thomas Backlund 2019-02-02 02:00:21 CET 
CVE-2019-6488 does not matter as we dont build or support x32 arch

but I pulled in the fix in the cauldron build anyway as it has been backported to the upstream glibc-2.28 branch.

I've also merged the fix for CVE-2016-10739 from glibc master in 

glibc-2.28-29.mga7

currently building

CC: (none) => tmb

Comment 2 David Walser 2019-02-02 16:44:02 CET 
Fixed in glibc-2.28-29.mga7 in Cauldron.

For Mageia 6 we have this and Bug 23912.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 Marja Van Waes 2019-02-03 08:40:52 CET 
(In reply to David Walser from comment #2)
> Fixed in glibc-2.28-29.mga7 in Cauldron.
> 
> For Mageia 6 we have this and Bug 23912.

Assigning to the Base System maintainers (the registered maintainer is already in the CC, welcome back to him :-) )

Assignee: bugsquad => basesystem
CC: (none) => marja11

Comment 4 David Walser 2019-08-06 17:52:50 CEST 
RedHat has issued an advisory for CVE-2016-10739 today (August 6):
https://access.redhat.com/errata/RHSA-2019:2118
Comment 5 David Walser 2019-11-05 23:22:43 CET 
Mageia 6 is EOL.

Resolution: (none) => OLD
Status: NEW => RESOLVED