id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
4157	Create glibc security patch (CVE-2017-15670 CVE-2017-15671)	Douglas R. Reno	Douglas R. Reno	"Full Disclosure - I have insider information on this one because of my position at FOXCONN, because they're on OSS-DISTROS. I'd prefer to take this one because I already have a patch developed, that needs testing, and I can have it in by Monday morning.

It is worth noting that the US Department of Homeland Security has issued an emergency alert regarding this vulnerability. It is classified as a ""CRITICAL AND GRAVE THREAT TO CYBERSECURITY.""

On 2017-10-20, two patches to glibc were released upstream to fix security issues in the GLOB function, triggered in the processing of home directories via the '~' key.

These have been present since 2005 and were just now patched.

Here's some information:

'''CVE-2017-15670'''

{{{
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
}}}

[https://sourceware.org/bugzilla/show_bug.cgi?id=22320]

[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670]

[https://nvd.nist.gov/vuln/detail/CVE-2017-15670]

[https://sourceware.org/bugzilla/attachment.cgi?id=10546] (Reproducer - I've reproduced on LFS 7.7 and above - may I suggest a security email?)

[https://bugzilla.redhat.com/show_bug.cgi?id=1504804]

[http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f]

'''CVE-2017-15671'''

{{{
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
}}}

[https://nvd.nist.gov/vuln/detail/CVE-2017-15671]

[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671]

[https://sourceware.org/bugzilla/show_bug.cgi?id=22325]

[https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671]"	defect	closed	lowest	8.2	Book	SVN	critical	fixed		
