From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dog.birch.relay.mailchannels.net (dog.birch.relay.mailchannels.net [23.83.209.48]) by sourceware.org (Postfix) with ESMTPS id B72C8385E017 for ; Tue, 26 Sep 2023 22:55:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B72C8385E017 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=sourceware.org Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 900E46C0C82; Tue, 26 Sep 2023 22:54:59 +0000 (UTC) Received: from pdx1-sub0-mail-a267.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 30D956C14C7 for ; Tue, 26 Sep 2023 22:54:59 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1695768899; a=rsa-sha256; cv=none; b=F4fiXiJeOsBAoH/CoUbubnb1oGg+hsEvwlzuZpBXRXASkVq0QQ7YoGgr38W6JebZQmeikv 8LieumcevLm6PWQrfTVev2n+Tu6chYnsg7reE+7qlTNF7+vpR8Zee8hWqlkv8Gs/80Uwf8 iOsOvZt7UL89zzqEdb9sum1at32xHbSGSIwA0U48vYn3cab15pt0EFQlFHnZd0DXUqJxR6 Vkll+0I5UtF4kx+ClDjGRZcoV3NjAnxpVkFK26Se5FZj8tfUZXvR5C9TScebwlcpYhejV/ qE1tONpbl4joXk/RRsW9tQrHP41E82l19P1u8qcOwB0V9UC98ahxH3+Bpj4omw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1695768899; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZSoBEzoEEL7vJQcMJ75dPh3qoRJklPq0NkFnkJ/3E5E=; b=agX8jKbGzH6xCxhk7bD+fUZjanWhIz2oaGrAu88cw81L7y1edutWm7HH/bwH6hDsqcHrP+ foUHdiYuAZAw9aE7Cngi3dOQpOsDNF4d2sMYcgZhRwc0sRQOuyOD0QATm5+rzgYc5rUR5D KPVWSDdWh3x6WpgOZxw8FgJwAU7yvr7dCcUUsNMykIgB5yiXbf5/XZdHeydi+VbAOHuUes nlSRcc0v1XldgnLdDMo8xONpo4KbtbxwBaWAnzwVHA9p8Nyb++RLmmv7+ORmorrtklFkVP aWMp3NZ0kjXW3hdtbmZKwM3nVKnN9sU3449DpNJb30+APNJ+yv47DUteo+LXSw== ARC-Authentication-Results: i=1; rspamd-7d5dc8fd68-zwnmp; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MC-Copy: stored-urls X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Whistle-Squirrel: 4d0ffc381f4abac3_1695768899413_863464737 X-MC-Loop-Signature: 1695768899413:847366099 X-MC-Ingress-Time: 1695768899413 Received: from pdx1-sub0-mail-a267.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.120.41.146 (trex/6.9.1); Tue, 26 Sep 2023 22:54:59 +0000 Received: from fedora.redhat.com (bras-vprn-toroon4834w-lp130-02-142-113-138-41.dsl.bell.ca [142.113.138.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a267.dreamhost.com (Postfix) with ESMTPSA id 4RwFSL6SBRz2X for ; Tue, 26 Sep 2023 15:54:58 -0700 (PDT) From: Siddhesh Poyarekar To: libc-stable@sourceware.org Subject: [committed 2.37 2/2] Document CVE-2023-4806 and CVE-2023-5156 in NEWS Date: Tue, 26 Sep 2023 18:54:31 -0400 Message-ID: <20230926225432.3304726-10-siddhesh@sourceware.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230926225432.3304726-1-siddhesh@sourceware.org> References: <20230926225432.3304726-1-siddhesh@sourceware.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1172.5 required=5.0 tests=BAYES_00,GIT_PATCH_0,KAM_DMARC_NONE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: These are tracked in BZ #30884 and BZ #30843. Signed-off-by: Siddhesh Poyarekar (cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd) --- NEWS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/NEWS b/NEWS index d6cd902bd3..3725cc4820 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,15 @@ Security related changes: 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash. + CVE-2023-4806: When an NSS plugin only implements the + _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use + memory that was freed during buffer resizing, potentially causing a + crash or read or write to arbitrary memory. + + CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when + an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, + AI_ALL and AI_V4MAPPED flags set. + The following bugs are resolved with this release: [20975] Deferred cancellation triggers in __check_pf and looses lock leading to deadlock -- 2.41.0