Bugzilla – Bug 625835
VUL-0: CVE-2011-1071: glibc: fnmatch() buffer overflow
Last modified: 2019-05-01 15:22:52 UTC
Yeah, I have seen a couple of various alloca bugs in glibc before; it would be good to go through all of them in glibc sometime and audit them... FYI, I'm on vacation until Aug 8 - if you think this should be dealt with before, perhaps the best person to contact would be Michael Matz.
mass change P5->P3
Any news here? Maybe rather something for upstream?
Petr?
There is a fix for this in glibc git, but it has multiple bugs in it. I'm currently trying to sort it out with Ulrich. It would be best to include this in the upcoming next glibc maintenance update.
I prefer a security update.
Published by Chris: http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
Petr, any news on this bug? Has upstream found a good fix?
According to http://sourceware.org/bugzilla/show_bug.cgi?id=11883 a fix is upstream.
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f15ce4d8dc139523fe0c273580b604b2453acba6 CVE-2011-1071
The SWAMPID for this issue is 39331. This issue was rated as moderate. Please submit fixed packages until 2011-03-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
There is yet another fnmatch issue as it seems:
Name: CVE-2011-1659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
Current Votes: None (candidate not yet proposed)
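The comments above describe two failure modes of the same code path: an alloca'd scratch buffer whose size follows the input string, and a size computation that can wrap when the input is long. The following is an added example, written for this page and not code from the bug report, from glibc's fix, or from fnmatch itself. It shows the allocation idiom that avoids both problems in a caller's own wide-character code, and it generalizes beyond fnmatch to any routine that widens a multibyte string into a temporary buffer. The threshold SCRATCH_STACK_BYTES, the WM_* result codes and all function names are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>
#include <wchar.h>

/* Constructed threshold for this example (not a glibc value): the largest
 * scratch buffer kept on the stack. Larger requests go to the heap, so the
 * frame size never depends on the length of untrusted input. */
#define SCRATCH_STACK_BYTES 1024

enum {
    WM_MATCH        =  0,  /* both inputs widen to the same wide string */
    WM_MISMATCH     =  1,
    WM_ERR_EILSEQ   = -1,  /* invalid multibyte sequence in an input */
    WM_ERR_OVERFLOW = -2,  /* (len + 1) * sizeof(wchar_t) would wrap */
    WM_ERR_NOMEM    = -3
};

/* Size a wide buffer for a `count`-byte string with wrap detection. The
 * unchecked (count + 1) * elem is the arithmetic a long input can push past
 * SIZE_MAX, yielding a buffer far smaller than the data written into it. */
int checked_alloc_size(size_t count, size_t elem, size_t *out)
{
    if (elem == 0 || count >= SIZE_MAX / elem)
        return -1;
    *out = (count + 1) * elem;
    return 0;
}

/* Yes/no form of the check for a wchar_t buffer: 1 if the size would wrap. */
int alloc_size_wraps(size_t count)
{
    size_t unused;
    return checked_alloc_size(count, sizeof(wchar_t), &unused) != 0;
}

/* Widen `s` into `buf` (capacity `cap` wchar_t). Returns the count of wide
 * characters written, or -1 on an invalid sequence or if it did not fit. */
static ptrdiff_t widen(const char *s, wchar_t *buf, size_t cap)
{
    mbstate_t st;
    const char *p = s;
    size_t n;

    memset(&st, 0, sizeof st);
    n = mbsrtowcs(buf, &p, cap, &st);
    if (n == (size_t)-1 || p != NULL)  /* EILSEQ, or terminator not reached */
        return -1;
    return (ptrdiff_t)n;
}

/* Compare two multibyte strings after widening both. Short inputs use the
 * fixed-size stack arrays; anything larger is taken from the heap. */
int wide_equal(const char *a, const char *b)
{
    wchar_t stack_a[SCRATCH_STACK_BYTES / sizeof(wchar_t)];
    wchar_t stack_b[SCRATCH_STACK_BYTES / sizeof(wchar_t)];
    wchar_t *wa = NULL, *wb = NULL;
    size_t need_a, need_b;
    int rc;

    if (checked_alloc_size(strlen(a), sizeof(wchar_t), &need_a) != 0 ||
        checked_alloc_size(strlen(b), sizeof(wchar_t), &need_b) != 0)
        return WM_ERR_OVERFLOW;

    wa = need_a <= sizeof stack_a ? stack_a : malloc(need_a);
    wb = need_b <= sizeof stack_b ? stack_b : malloc(need_b);
    if (wa == NULL || wb == NULL) {
        rc = WM_ERR_NOMEM;
        goto out;
    }
    if (widen(a, wa, need_a / sizeof(wchar_t)) < 0 ||
        widen(b, wb, need_b / sizeof(wchar_t)) < 0) {
        rc = WM_ERR_EILSEQ;
        goto out;
    }
    rc = wcscmp(wa, wb) == 0 ? WM_MATCH : WM_MISMATCH;

out:
    /* Only heap buffers are freed; the stack arrays are recognised by address. */
    if (wa != stack_a) free(wa);
    if (wb != stack_b) free(wb);
    return rc;
}

/* Constructed input: two identical runs of `len` 'a' bytes, long enough to
 * exceed SCRATCH_STACK_BYTES and exercise the heap path. */
int wide_equal_long_demo(size_t len)
{
    char *s = malloc(len + 1);
    int rc;
    if (s == NULL) return WM_ERR_NOMEM;
    memset(s, 'a', len);
    s[len] = '\0';
    rc = wide_equal(s, s);
    free(s);
    return rc;
}

int main(void)
{
    printf("short match %d, short mismatch %d, long match %d\n",
           wide_equal("a*.c", "a*.c"), wide_equal("a*.c", "b*.c"),
           wide_equal_long_demo(1 << 20));
    return 0;
}
```

The point of the fixed-size stack arrays is that their size is a compile-time constant, so no input length can grow the frame; alloca with an input-derived size cannot be bounded that way. The size check runs before any allocation, so a wrapped size is reported instead of being handed to malloc.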
Submitted everywhere now, including Sebastian's new find.
Finally released, thanks!
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd
Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64), SLE-DESKTOP 11-SP1 (i386, x86_64), SLE-SDK 11-SP1 (i386, x86_64), SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64), SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: glibc, glibc-32bit, glibc-64bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-64bit, glibc-dceext-devel, glibc-dceext-x86, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-devel-64bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-64bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-64bit, glibc-profile-x86, glibc-x86, nscd
Products: SLE-DEBUGINFO 10-SP4 (i386, ia64, ppc, s390x, x86_64), SLE-DESKTOP 10-SP4 (i386, x86_64), SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64), SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: glibc, glibc-devel, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-profile, nscd, timezone
Products: Novell-Linux-POS 9 (i386), Open-Enterprise-Server 9 (i386), SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
*** Bug 695840 has been marked as a duplicate of this bug. ***