Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHjsZGaZcrGn-cuv9yiXpPR81pebRd=AimOeR2xPiQR-GMiZkQ@mail.gmail.com>
Date: Tue, 3 Oct 2023 16:26:42 -0300
From: Rodrigo Freire <rfreire@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2023-4806, CVE-2023-5156: glibc: potential
 use-after-free in getaddrinfo()

On Tue, Oct 3, 2023 at 4:18 PM Solar Designer <solar@...nwall.com> wrote:
> Hi,

Hello,

<snip>

> https://access.redhat.com/security/cve/CVE-2023-5156
> Puzzlingly, the latter URL lists RHEL 9 as affected, even though I think
> the original buggy fix hasn't yet made it into a RHEL 9 glibc update.
> Maybe that's part of Red Hat's tracking of what's in their pipeline.

The affected code was backported into RHEL9's glibc and it is affected.
The fix is traversing our productization pipeline and we will ship
when it's done.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.