webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
bpfire/lfs/glibc
Michael Tremer a61a21ef75 glibc: Import latest patches from upstream 
These include (amongst others) fixes for:

GLIBC-SA-2024-0001:
===================
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.

GLIBC-SA-2024-0002:
===================
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.

GLIBC-SA-2024-0003:
===================
syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

__vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-01-31 11:09:41 +00:00

11 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink