Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87tvk29qqo.fsf@oldenburg.str.redhat.com>
Date: Tue, 27 Nov 2018 22:04:31 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-19591: glibc if_nametoindex may not close descriptor

Guido Vranken reported that the glibc implementation of if_nametoindex
would not close an internal descriptor when processing a long interface
name.  This error condition can be triggered via the getaddrinfo
function (and at least one HTTP client library).

  <https://sourceware.org/bugzilla/show_bug.cgi?id=23927>

Fixed with this upstream commit:

commit d527c860f5a3f0ed687bd03f0cb464612dc23408
Author: Florian Weimer <fweimer@...hat.com>
Date:   Tue Nov 27 16:12:43 2018 +0100

    CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

The vulnerability was introduced in commit
2180fee114b778515b3f560e5ff1e795282e60b0 ("Check length of ifname before
copying it into to ifreq structure."), fixing bug 22442 for glibc 2.27.
Since this addressed a compiler warning with GCC 8, this commit was
backported to quite a few release branches.

Thanks,
Florian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.