5804 – [Anolis OS 8] Bugfix for CVE-2021-27645

Bug 5804 - [Anolis OS 8] Bugfix for CVE-2021-27645

Summary: [Anolis OS 8] Bugfix for CVE-2021-27645

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.6
Hardware:	All Linux

Importance:	P4-Low S4-trivial
Target Milestone:	---
Assignee:	Jacob
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-07-08 22:14 UTC by 小龙
Modified:	2023-07-08 22:14 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-07-08 22:14:05 UTC

Description:
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Broken commit info:

Bugfix commit info:
https://bugzilla.redhat.com/attachment.cgi?id=1759135
https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673