Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <871q6u91rv.fsf@oldenburg.str.redhat.com>
Date: Wed, 24 Apr 2024 18:13:56 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: The GNU C Library security advisories update for
 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix
 out-of-bound writes when writing escape sequence

* Adhemerval Zanella Netto:

> The following security advisories have been published:
>
> GLIBC-SA-2024-0004:
> ===================
> ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

For those who haven't prepared/shipped updates yet: we've got a fix for
a stack-based buffer overflow in nscd under review.

  [PATCH 0/4] Various nscd security fixes
  <https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/>

These are initial patches, still under review.  The glibc security team
will send a separate notification once official patches are ready.

The initial issue was reported in Bugzilla without an embargo period,
hence the public patch development.  The other bugs concern the same
code and are very minor compared to the initial finding, so a separate
embargo for them doesn't make sense.

Thanks,
Florian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.