oss-sec mailing list archives
Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo()
From: Siddhesh Poyarekar <siddhesh.poyarekar () gmail com>
Date: Tue, 3 Oct 2023 15:39:44 -0400
On Tue, Oct 3, 2023 at 3:31 PM Rodrigo Freire <rfreire () redhat com> wrote:
On Tue, Oct 3, 2023 at 4:18 PM Solar Designer <solar () openwall com> wrote:Hi,Hello, <snip>https://access.redhat.com/security/cve/CVE-2023-5156 Puzzlingly, the latter URL lists RHEL 9 as affected, even though I think the original buggy fix hasn't yet made it into a RHEL 9 glibc update. Maybe that's part of Red Hat's tracking of what's in their pipeline.The affected code was backported into RHEL9's glibc and it is affected. The fix is traversing our productization pipeline and we will ship when it's done.
To elaborate, none of the *released* versions of rhel-9 are affected by it, but the RHEL process is using it to coordinate things in the release pipeline. Thanks, Sid -- https://gotplt.org
Current thread:
- CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Solar Designer (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Rodrigo Freire (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Siddhesh Poyarekar (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Siddhesh Poyarekar (Oct 03)
- Re: CVE-2023-4806, CVE-2023-5156: glibc: potential use-after-free in getaddrinfo() Rodrigo Freire (Oct 03)