Source: glibc
Version: 2.31-9
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=27462
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>, f...@debian.org
Control: found -1 2.28-10
Control: found -1 2.28-1

Hi,

The following vulnerability was published for glibc.

CVE-2021-27645[0]:
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc
| or libc6) 2.29 through 2.33, when processing a request for netgroup
| lookup, may crash due to a double-free, potentially resulting in
| degraded service or Denial of Service on the local system. This is
| related to netgroupcache.c.

Upstream this has been introduced in 2.29 but AFAICS we have the
problematic change since 2.28-1 in Debian itself due to [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-27645
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=27462
[2] https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919

Regards,
Salvatore