Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Florian Weimer
* Aurelien Jarno:
>> > Is it possible to commit those patches to the upstream 2.28 branch? If
>> > so, I guess we can simply pull the branch in the Debian package, fixing
>> > many other security bugs at the same time.
>>
>> I'm concerned about the GLIBC_PRIVATE internal ABI change, it causes
>>

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Aurelien Jarno
On 2021-06-04 21:51, Florian Weimer wrote:
> * Aurelien Jarno:
>
> > On 2021-06-04 20:34, Florian Weimer wrote:
> >> * Moritz Mühlenhoff:
> >>
> >> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> >> >> control: forcemerge 967938 969926
> >> >>
> >> >> Hi,
> >> >>
> >> >>

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Florian Weimer
* Aurelien Jarno:
> On 2021-06-04 20:34, Florian Weimer wrote:
>> * Moritz Mühlenhoff:
>>
>> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
>> >> control: forcemerge 967938 969926
>> >>
>> >> Hi,
>> >>
>> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
>> >> > Source: glibc
>>

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Aurelien Jarno
On 2021-06-04 20:34, Florian Weimer wrote:
> * Moritz Mühlenhoff:
>
> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> >> control: forcemerge 967938 969926
> >>
> >> Hi,
> >>
> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> >> > Source: glibc
> >> > Version: 2.28-10
> >> >

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Florian Weimer
* Moritz Mühlenhoff:
> On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
>> control: forcemerge 967938 969926
>>
>> Hi,
>>
>> On 2020-09-09 02:58, Bernd Zeimetz wrote:
>> > Source: glibc
>> > Version: 2.28-10
>> > Severity: serious
>> > Tags: security upstream patch
>> >

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-04 Thread Moritz Muehlenhoff
On Fri, Jun 04, 2021 at 08:34:50PM +0200, Florian Weimer wrote:
> * Moritz Mühlenhoff:
>
> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> >> control: forcemerge 967938 969926
> >>
> >> Hi,
> >>
> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> >> > Source: glibc
> >> >

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2021-06-01 Thread Moritz Mühlenhoff
On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> control: forcemerge 967938 969926
>
> Hi,
>
> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> > Source: glibc
> > Version: 2.28-10
> > Severity: serious
> > Tags: security upstream patch
> > X-Debbugs-Cc: Debian Security Team
> >
>

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2020-09-09 Thread Bernd Zeimetz
Hi, This has already been reported, Florian will work on a backport, as it is not straightforward to backport it to buster due to the usage of private symbols. Thanks! As it was flagged security in the upstream bugtracker, I'm doing the same here. The bug is actually tagged as security-

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2020-09-09 Thread Aurelien Jarno
control: forcemerge 967938 969926

Hi,

On 2020-09-09 02:58, Bernd Zeimetz wrote:
> Source: glibc
> Version: 2.28-10
> Severity: serious
> Tags: security upstream patch
> X-Debbugs-Cc: Debian Security Team
>
> Hi,
>
> we are running into the bug
>

Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications

2020-09-08 Thread Bernd Zeimetz
Source: glibc
Version: 2.28-10
Severity: serious
Tags: security upstream patch
X-Debbugs-Cc: Debian Security Team

Hi,

we are running into the bug https://sourceware.org/bugzilla/show_bug.cgi?id=20338 causing systemd-sysusers to segfault. Patch is available in the linked bug report. As it was