mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
a61a21ef75
These include (amongst others) fixes for: GLIBC-SA-2024-0001: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246) __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER containing a long program name failed to update the required buffer size, leading to the allocation and overflow of a too-small buffer on the heap. GLIBC-SA-2024-0002: =================== syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779) __vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. GLIBC-SA-2024-0003: =================== syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) __vsyslog_internal calculated a buffer size by adding two integers, but did not first check if the addition would overflow. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>