From: Adhemerval Zanella Netto
To: libc-announce@sourceware.org
Date: Tue, 30 Jan 2024 15:23:49 -0300
Subject: The GNU C Library security advisories update for 2024-02-30
Organization: Linaro
Message-ID: <3c033dae-60ca-4c62-9c35-f8a1ef3a6e66@linaro.org>

The following security advisories have been published:

GLIBC-SA-2024-0001:
===================
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.

GLIBC-SA-2024-0002:
===================
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation. If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.

GLIBC-SA-2024-0003:
===================
syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

__vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.

Notes:
======

Published advisories are available directly in the project git
repository:

https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
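
The three advisories above share one root pattern: sizing a heap buffer from formatting results without validating them. The following is an added example, not glibc code and not the upstream fix; build_line and checked_add are hypothetical names. It shows the defensive form: measure header and message, reject negative snprintf/vsnprintf returns, and check every size addition for wraparound before allocating.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Overflow-checked size addition: 0 on success, -1 if a + b would wrap. */
static int checked_add(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Hypothetical helper: malloc'd "<ident>: <msg>", or NULL on any failure. */
char *build_line(const char *ident, const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf = NULL;
    size_t total = 0;
    int hlen, mlen, w;

    va_start(ap, fmt);
    va_copy(ap2, ap);
    /* Pass 1: measure. A negative return is an error, never a length. */
    hlen = snprintf(NULL, 0, "%s: ", ident);
    mlen = vsnprintf(NULL, 0, fmt, ap);
    if (hlen < 0 || mlen < 0)
        goto out;
    /* header + message + NUL, with every addition checked for wraparound. */
    if (checked_add((size_t)hlen, (size_t)mlen, &total) != 0
        || checked_add(total, 1, &total) != 0)
        goto out;
    buf = malloc(total);
    if (buf == NULL)
        goto out;
    /* Pass 2: write, and confirm both parts match the measured lengths. */
    w = snprintf(buf, total, "%s: ", ident);
    if (w != hlen
        || vsnprintf(buf + w, total - (size_t)w, fmt, ap2) != mlen) {
        free(buf);
        buf = NULL;
    }
out:
    va_end(ap2);
    va_end(ap);
    return buf;
}
```

The header length is measured from the actual ident on every call, so a long program name enlarges the allocation instead of overrunning a size computed earlier.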