From: "camila.camargodematos at canonical dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/29605] Regression in NSCD backend of getaddrinfo
Date: Mon, 08 Jan 2024 11:11:25 +0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Version: 2.36
X-Bugzilla-Severity: critical
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: siddhesh at sourceware dot org
X-Bugzilla-Target-Milestone: 2.37

https://sourceware.org/bugzilla/show_bug.cgi?id=29605

Camila Camargo de Matos changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |camila.camargodematos@canonical.com

--- Comment #13 from Camila Camargo de Matos ---
Hello,

When recently trying to patch CVE-2023-4806 in glibc for Ubuntu 22.04 LTS, the
Ubuntu Security Team came across a possible regression in version 2.35 that
seems to be related to this bug.

This is the link to the bug report containing more information on the issue
that users came across in Ubuntu 22.04 LTS:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2047155

When patching Ubuntu 22.04's version of glibc (2.35) for CVE-2023-4806 (and
CVEs CVE-2023-4813 and CVE-2023-5156), several of the refactoring commits in
branch release/2.35/master were added as well in order to avoid any possible
issues and simplify the application of the CVE patch (these refactoring commits
are the ones added to sysdeps/posix/getaddrinfo.c in 2023-09). In this group of
commits was commit ce64e72b, which is cherry-picked from e7e5315b, mentioned
here as the cause of the issue in nscd, consequence of a typo in the
refactoring.

Analysis of the release/2.35/master branch seems to indicate that the fix to
this typo was not applied to glibc 2.35, and the report in the Ubuntu Launchpad
bug shows version 2.35 of glibc (more specifically, nscd) being affected by a
regression when previously mentioned refactoring commits are added.

A new version of the Ubuntu 22.04 glibc package will be released and this new
version contains the fix provided in this sourceware bug (commit 227c9035) as
well as three other refactoring commits (backported from the release/2.36/master
branch as well. These are: bc0d18d8, 06890c7b and d3f2c2c8). Adding these
additional changes to the 22.04 glibc 2.35 package seems to have resolved the
issue being reported in the Ubuntu Launchpad bug.

I mention this here in case 2.35 is still being supported, so that the fix to
this issue can be included in that branch as well.

Regards,
Camila Camargo de Matos.