Opened 3 weeks ago
Closed 11 days ago
#5895 closed enhancement (fixed)
fix glibc CVE-2026-4437 and 4438
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 13.1 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Change History (6)
comment:1 by , 3 weeks ago
comment:3 by , 2 weeks ago
I wanted to report in real quick that I tried the sed here and it's working perfectly on my laptop, which I just rebuilt glibc on about 30 minutes ago. Tests look normal as well :)
comment:4 by , 2 weeks ago
Fixed at commits
f3d6527e8 Add a sed to glibc-2.43 (Security update).
7df48f36f Update to XML-Parser-2.53 (Security update).
Leaving both open for security updates.
comment:6 by , 11 days ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
SA-13.0-021 issued.
Added a note in the advisory regarding updating or rebuilding glibc, reminding users to follow the instructions strictly in the Updating section to prevent a broken system.
Also brought this note back to SA-12.4-079 for glibc-2.43 to prevent 12.4 users from getting in trouble.

The link above is interesting. It changes 4 files:
Three of those are for tests. The only real change is to two lines in one file: resolv/nss_dns/dns-host.c
This is the essential fix:
sed -e '/while..ancount/c\ for (; ancount > 0; --ancount)' \
    -e '/binary_hnok..expected/s/expected_name/name_buffer/' \
    -i resolv/nss_dns/dns-host.c

I did not rebuild glibc, but I did check that the sed above does the same as the patch to the affected file.
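Since the fix comes down to two changed lines, each of the two sed expressions has to hit exactly one line, and sed exits 0 even when an address matches nothing. The wrapper below is an added example, not part of the ticket or the book, that refuses to edit unless both patterns match once and confirms the result afterwards. `apply_dns_host_sed` and `make_sample` are hypothetical names, the sample file is constructed stand-in text rather than glibc source, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: guard around the sed from the ticket (assumes GNU sed).

# Hypothetical helper: apply the two edits to file "$1" only when each
# pattern matches exactly one line, then verify that both edits landed.
apply_dns_host_sed() {
    f=$1
    [ -f "$f" ] || return 2

    # grep -c exits 1 on zero matches; "|| true" keeps the count usable.
    n_while=$(grep -c 'while..ancount' "$f" || true)
    n_hnok=$(grep -c 'binary_hnok..expected' "$f" || true)
    if [ "$n_while" -ne 1 ] || [ "$n_hnok" -ne 1 ]; then
        echo "not editing $f: while=$n_while binary_hnok=$n_hnok" >&2
        return 1
    fi

    sed -e '/while..ancount/c\ for (; ancount > 0; --ancount)' \
        -e '/binary_hnok..expected/s/expected_name/name_buffer/' \
        -i "$f" || return 3

    # Post-check: new loop header present, both old patterns gone.
    grep -q 'for (; ancount > 0; --ancount)' "$f" &&
        ! grep -q 'while..ancount' "$f" &&
        ! grep -q 'binary_hnok..expected' "$f"
}

# Constructed stand-in input: lines that only exist to match the two
# patterns. This is NOT the real resolv/nss_dns/dns-host.c.
make_sample() {
    cat > "$1" <<'EOF'
/* constructed sample lines for the sed check */
  while (ancount > 0)
    {
      if (!binary_hnok (expected_name))
        return 0;
    }
EOF
}

# Stand-alone demo on the constructed sample.
demo=$(mktemp)
make_sample "$demo"
apply_dns_host_sed "$demo" && cat "$demo"
rm -f "$demo"
```

In a real glibc tree the call would be `apply_dns_host_sed resolv/nss_dns/dns-host.c`; a non-zero return means the source differs from what the sed expects and the fix was not applied.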