Bug 28587

Summary: glibc new security issue CVE-2021-27645
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, brtians1, davidwhodgins, ouaurelien, sysadmin-bugs
Version: 8 Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: glibc CVE: CVE-2021-27645
Status comment:

Description Thomas Backlund 2021-03-11 21:26:34 CET
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system (CVE-2021-27645).

SRPM:
glibc-2.32-15.mga8
Comment 1 Thomas Backlund 2021-03-11 21:51:35 CET
i586:
glibc-2.32-15.mga8.i586.rpm
glibc-devel-2.32-15.mga8.i586.rpm
glibc-doc-2.32-15.mga8.noarch.rpm
glibc-i18ndata-2.32-15.mga8.i586.rpm
glibc-profile-2.32-15.mga8.i586.rpm
glibc-static-devel-2.32-15.mga8.i586.rpm
glibc-utils-2.32-15.mga8.i586.rpm
nscd-2.32-15.mga8.i586.rpm


x86_64:
glibc-2.32-15.mga8.x86_64.rpm
glibc-devel-2.32-15.mga8.x86_64.rpm
glibc-doc-2.32-15.mga8.noarch.rpm
glibc-i18ndata-2.32-15.mga8.x86_64.rpm
glibc-profile-2.32-15.mga8.x86_64.rpm
glibc-static-devel-2.32-15.mga8.x86_64.rpm
glibc-utils-2.32-15.mga8.x86_64.rpm
nscd-2.32-15.mga8.x86_64.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Aurelien Oudelet 2021-03-16 15:52:21 CET
Running this since day one availability.

No regression so far.
M8 x86_64 Plasma.

Advisory pushed to SVN.
Waiting for another QA member who should test this.

CC: (none) => ouaurelien
CVE: (none) => CVE-2021-27645
Keywords: (none) => advisory
Whiteboard: (none) => MGA8-64-OK

Comment 3 Brian Rockwell 2021-03-16 16:00:23 CET
Since I consider this infrastructure for us.


The following 2 packages are going to be installed:

- glibc-2.32-15.mga8.x86_64
- glibc-devel-2.32-15.mga8.x86_64


-- rebooted machine

I've been running without issue for about an hour.  Laptop - phys hardware

CC: (none) => brtians1

Comment 4 Dave Hodgins 2021-03-16 23:49:19 CET
No regressions noticed. Validating the update.

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Thomas Andrews 2021-03-17 00:37:30 CET
You beat me to it, Dave.

I've been running it for a couple of hours with no problems, too.

CC: (none) => andrewsfarm

Comment 6 Mageia Robot 2021-03-17 07:17:26 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0138.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED