Package: fakechroot
Version: 2.19-3

In an up-to-date installation of stretch, I do this:
  fakechroot readlink /etc/ssl/certs/*
and get this:
   *** Error in readlink: free(): invalid next size (fast): 0x0000aaaaee312140 ***

Note that this is *not* in a faked chroot.

Looking at the source code: readlink allocates a small buffer for the linked 
filename, and relies on the readlink() call returning a truncated value if the 
buffer overflows. But the replacement readlink() in libfakechroot calls the 
original function with a huge buffer, and if a faked chroot is not in effect 
then it just copies the whole result to the caller. The file names in 
/etc/ssl/certs are long enough for this to cause an overflow.

I haven't investigated to see how much damage this could cause if (e.g.) a 
specially-crafted malicious file name were used.
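A C sketch of the two wrapper shapes the report contrasts (copy the whole result versus honour the caller's bufsiz), added here as an illustration and not libfakechroot's actual code; the underlying readlink() is simulated with a constructed link/target pair so it runs offline, and the buggy shape only reports how far it would overrun rather than performing the overflowing copy.

```c
/* Added example, not libfakechroot's code. The underlying readlink() is
 * replaced by a constructed lookup so the demonstration needs no symlinks. */
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Stand-in for the real readlink(2): one constructed symlink whose target is
 * longer than the small buffer a caller like coreutils' readlink might pass. */
static ssize_t orig_readlink(const char *path, char *buf, size_t bufsiz)
{
    static const char *link = "/etc/ssl/certs/example-long-name.pem";  /* constructed */
    static const char *target =
        "/usr/share/ca-certificates/mozilla/An_Extremely_Long_Certificate_Authority_Name.crt";
    if (strcmp(path, link) != 0) { errno = ENOENT; return -1; }
    size_t n = strlen(target);
    if (n > bufsiz) n = bufsiz;      /* the kernel truncates and adds no NUL */
    memcpy(buf, target, n);
    return (ssize_t)n;
}

/* Buggy shape: resolve into a huge internal buffer, then hand the caller the
 * whole result regardless of bufsiz. Returns how many bytes past the caller's
 * buffer that copy would write (0 = safe); it deliberately does not do the copy. */
ssize_t overflow_excess(const char *path, size_t bufsiz)
{
    char big[4096];
    ssize_t n = orig_readlink(path, big, sizeof big);
    if (n < 0) return -1;
    return (size_t)n > bufsiz ? (ssize_t)((size_t)n - bufsiz) : 0;
}

/* Fixed shape: same internal buffer, but the copy back to the caller keeps
 * readlink(2) semantics, writing at most bufsiz bytes and returning that count. */
ssize_t safe_readlink(const char *path, char *buf, size_t bufsiz)
{
    char big[4096];
    ssize_t n = orig_readlink(path, big, sizeof big);
    if (n < 0) return -1;
    if ((size_t)n > bufsiz) n = (ssize_t)bufsiz;   /* truncate, never overrun */
    memcpy(buf, big, (size_t)n);
    return n;
}
```

A caller that sizes its buffer from the return value (the pattern the report describes) gets the truncated count from safe_readlink() and can grow and retry, exactly as it would against the real syscall.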
