oss-sec mailing list archives
Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo()
From: Rodrigo Freire <rfreire () redhat com>
Date: Tue, 3 Oct 2023 16:26:42 -0300
On Tue, Oct 3, 2023 at 4:18 PM Solar Designer <solar () openwall com> wrote:
Hi,
Hello, <snip>
https://access.redhat.com/security/cve/CVE-2023-5156 Puzzlingly, the latter URL lists RHEL 9 as affected, even though I think the original buggy fix hasn't yet made it into a RHEL 9 glibc update. Maybe that's part of Red Hat's tracking of what's in their pipeline.
The affected code was backported into RHEL9's glibc and it is affected. The fix is traversing our productization pipeline and we will ship when it's done.
Current thread:
- CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Solar Designer (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Rodrigo Freire (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Siddhesh Poyarekar (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Siddhesh Poyarekar (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Rodrigo Freire (Oct 03)