Re: CVE request: glibc formatted printing vulnerabilities

[Stefan Cornelius <scorneli () redhat com>]

On 07/11/2012 11:37 PM, Kees Cook wrote:
> Hi Stefan,
>
> On Wed, Jul 11, 2012 at 12:32:35PM +0200, Stefan Cornelius wrote:
> > 3) It was discovered that the formatted printing functionality in glibc
> > did not properly restrict the use of alloca(). A remote attacker could
> > provide a specially crafted sequence of format specifiers, leading to a
> > crash or, potentially, FORTIFY_SOURCE format string protection mechanism
> > bypass, when processed.
> >
> > References:
> > https://bugzilla.redhat.com/show_bug.cgi?id=826943
> >
> > Red Hat patch backports/testcases for RHEL6 that include a patch for this:
> > https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
> >
> > Red Hat patch backport/testcase for RHEL5 (older glibc versions)
> > https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
>
> Is there an upstream commit proposed for this one? I see it mixed into
> the RH patch with fixes for 1) and 2).
>
> Thanks,
>
> -Kees

Hi Kees,

Unfortunately, I'm currently unaware of an upstream patch for this. I've
asked our maintainers for the status of this and, hopefully, I can
provide you with a better response soon.

Kind regards,
-- 
Stefan Cornelius / Red Hat Security Response Team