Bug 8182 - [Anolis OS 23] Bugfix for CVE-2023-6246
Summary: [Anolis OS 23] Bugfix for CVE-2023-6246
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages
Version: unspecified
Hardware: All Linux
Importance: P2-High S2-major
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2024-02-06 14:42 UTC by 小龙
Modified: 2024-03-05 17:17 UTC

See Also:


Description 小龙 admin 2024-02-06 14:42:43 UTC
Description:
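The syslog function in glibc has a heap overflow vulnerability that can lead to local privilege escalation. Affected versions: 2.36 <= version < 2.39, which includes our Anolis 23.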

Broken commit info:

Bugfix commit info:
https://www.openwall.com/lists/oss-security/2024/01/30/6
https://bugzilla.redhat.com/show_bug.cgi?id=2249053
https://access.redhat.com/security/cve/CVE-2023-6246
Comment 1 Shiloong admin 2024-02-06 14:43:31 UTC
bugfix:
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0001;hb=HEAD

Vulnerable-Commit: b0e7888d1fa2dbd2d9e1645ec8c796abf78880b9 (2.36-16)
Fix-Commit: d1a83b6767f68b3cb5b4b4ea2617254acd040c82 (2.36-126)
Comment 3 扣肉 2024-03-05 17:17:16 UTC
glibc-2.36-13.an23 landed.