
Issue 364511 link

Starred by 7 users

Issue metadata

Status: Verified
Last visit > 30 days ago
Closed: May 2014
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security


Buffer overflow vulnerability in glibc

Project Member Reported by, Apr 17 2014

Issue description

From Kostya:

we've got ASan detecting what looks like a vulnerability in glibc,
8-byte heap buffer overflow with user-controlled data. It was fixed a
year ago, but still present in goobuntu.

What should we do about that? Announcing it in a google-wide readable
buganizer issue sounds wrong...

ASan report:

Upstream fix:;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd

We should uptake this fix in ChromeOS. Jorge, can you please help with an owner.
Assigning to our toolchain team. Luis, can you route this one? I'll still double-check that our glibc is affected (but it probably is).
sure. Han Shen will verify ASAP.
Labels: Build-Toolchain
Yup, just checked, we don't have the patch in ChromeOS.
Am working on patching glibc.
Thanks for jumping in on this!
Project Member

Comment 8 by, Apr 18 2014

Project: chromiumos/overlays/chromiumos-overlay
Branch : master
Author : Yunlian Jiang <>
Commit : 7738d06627941a2119ba15f3472320c5cecc7be6

Code-Review  0 : Yunlian Jiang, chrome-internal-fetch
Code-Review  +2: Mike Frysinger
Commit-Queue 0 : Mike Frysinger, chrome-internal-fetch
Commit-Queue +1: Yunlian Jiang
Verified     0 : Mike Frysinger, chrome-internal-fetch
Verified     +1: Yunlian Jiang
Change-Id      : I995d5b47b1d52bf4325a3a83bc24bbd2049f2dbe
Reviewed-at    :

glibc: backport an nss overflow patch.

This backports a patch to fix a nss vulnerability inside glibc.

BUG= chromium:364511 
TEST=cbuildbot chromium_sdk, lumpy-release x86-generic-full.

Status: Fixed
keescook@ / jorgelo@ - Does ChromeOS use Milestone or Security Impact labels? I have a query that catches bugs that are missing these labels and wish to know whether I should dismiss any "OS-Chrome" bugs or harass you to add milestones and security impact labels where they are missing. Long sentence is long.
We should, but we haven't been exhaustive nor systematic when adding labels in the past. Harassing is better than dismissal.
Good to know.

yunlian@ - What milestones / versions are affected by this bug?
I think all the versions before this fix are affected.
Labels: M-35 M-36 Security_Impact-Stable Security_Severity-High
Speculatively adding labels based on c#13 - feel free to change the severity as you see fit.
Labels: -M-35
Removing M-35 label - this won't make that release.
Labels: Release-0-M36
Project Member

Comment 17 by ClusterFuzz, Aug 26 2014

Labels: -Restrict-View-SecurityTeam
Bulk update: removing view restriction from closed bugs.

Comment 18 by, Sep 17 2014

Status: Verified
Project Member

Comment 19 by, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Project Member

Comment 20 by, Oct 1 2016

Labels: Restrict-View-SecurityNotify
Project Member

Comment 21 by, Oct 2 2016

Labels: -Restrict-View-SecurityNotify
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit - Your friendly Sheriffbot
Labels: allpublic
