Message-ID: <4eb93d94-2788-3d38-06e7-53cfe9d43a52@ehuk.net>
Date: Sat, 21 Oct 2017 19:19:46 +0100
From: Eddie Chapman <eddie@...k.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak
 in glob with GLOB_TILDE

Just a heads up for anyone around over the weekend ...

== CVE-2017-15670 ==
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
"The GNU C Library (aka glibc or libc6) before 2.27 contains an 
off-by-one error leading to a heap-based buffer overflow in the glob 
function in glob.c, related to the processing of home directories using 
the ~ operator followed by a long string."

https://sourceware.org/bugzilla/show_bug.cgi?id=22320

https://bugzilla.redhat.com/show_bug.cgi?id=1504804
"It is possible that an attacker might use this to escalate his 
privileges or execute code."

Upstream patch:
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f


== CVE-2017-15671 ==
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
"The glob function in glob.c in the GNU C Library (aka glibc or libc6) 
before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated 
memory when processing the ~ operator with a long user name, potentially 
leading to a denial of service (memory leak)."

https://sourceware.org/bugzilla/show_bug.cgi?id=22325
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
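
A defensive wrapper for code that passes untrusted patterns to glob() with GLOB_TILDE on a glibc older than 2.27, added here as an example; it is not part of the original message or of the upstream patch. The 32-character bound, the function names and the version-string check are assumptions of this example.

```c
#define _GNU_SOURCE
#include <glob.h>
#include <gnu/libc-version.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy bound on the name after '~'; not a value from the advisory. */
#define MAX_TILDE_NAME 32u

/* 1 if ver < 2.27 (fixed release per the CVE text); backports make this a heuristic. */
int glibc_before_2_27(const char *ver)
{
    int major = 0, minor = 0;
    if (sscanf(ver, "%d.%d", &major, &minor) != 2)
        return 1; /* unparsable: treat as affected */
    return major < 2 || (major == 2 && minor < 27);
}

/* Longest run following any '~' up to '/', ',' or '}' (covers GLOB_BRACE
 * alternatives); deliberately over-counts, 0 when the pattern has no '~'. */
size_t max_tilde_name_len(const char *pattern)
{
    size_t best = 0;
    for (const char *p = strchr(pattern, '~'); p; p = strchr(p + 1, '~')) {
        size_t n = strcspn(p + 1, "/,}");
        if (n > best) best = n;
    }
    return best;
}

/* On an affected version, clear the tilde flags for over-long names so glob()
 * treats '~' as a literal character instead of expanding a home directory. */
int harden_glob_flags(const char *pattern, const char *ver, int flags)
{
    if (glibc_before_2_27(ver) && max_tilde_name_len(pattern) > MAX_TILDE_NAME)
        flags &= ~(GLOB_TILDE | GLOB_TILDE_CHECK);
    return flags;
}

/* Drop-in wrapper (hypothetical name) for call sites that glob untrusted input. */
int guarded_glob(const char *pattern, int flags, glob_t *out)
{
    return glob(pattern, harden_glob_flags(pattern, gnu_get_libc_version(), flags), NULL, out);
}

int main(void)
{
    return printf("affected by version string: %d\n", glibc_before_2_27(gnu_get_libc_version())) < 0;
}
```

A distribution package that carries the backported fix still reports its original version string, so confirm against the vendor advisory before relying on the version check alone.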
