CrOS: Vulnerability reported in sys-libs/glibc
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-libs/glibc
Package Version: [cpe:/a:gnu:glibc:2.23]
Advisory: CVE-2017-18269
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-18269
CVSS severity score: 7.5/10.0
Confidence: high
Description: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
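The advisory text above pins the failure to the overlap check misbehaving when the source range straddles the middle of the 32-bit address space. The C below is an added illustration written for this page; it is not glibc's assembly and not the patch that later landed on this bug. It models a memmove direction check that orders the two addresses as signed 32-bit integers (one way to get exactly that symptom, since addresses on opposite sides of 0x80000000 then compare the wrong way round) next to the unsigned ordering a correct check uses, and drives both through an overlapping copy across 0x80000000 to show the corrupt output. The 64-byte memory window, its base address 0x7FFFFFE0 and the byte pattern are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not glibc's code: a 32-bit i386 address is represented
 * as uint32_t so the arithmetic behaves identically on a 64-bit host. */
typedef uint32_t addr32_t;

enum copy_dir { COPY_FORWARD, COPY_BACKWARD };

/* Buggy direction check: orders dst and src as SIGNED 32-bit integers, which
 * is what a signed conditional branch after a pointer compare amounts to.
 * Addresses on opposite sides of 0x80000000 are ordered the wrong way round.
 * (The uint32 -> int32 casts assume two's complement, as on i386.) */
static enum copy_dir pick_direction_signed(addr32_t dst, addr32_t src, uint32_t len)
{
    if (dst == src)
        return COPY_FORWARD;
    if ((int32_t)src > (int32_t)dst)   /* "source lies above dest": forward is safe */
        return COPY_FORWARD;
    return (dst - src < len) ? COPY_BACKWARD : COPY_FORWARD;
}

/* Correct check: unsigned ordering. A backward copy is needed exactly when dst
 * lands inside [src, src + len), i.e. 0 < dst - src < len in unsigned arithmetic. */
static enum copy_dir pick_direction_unsigned(addr32_t dst, addr32_t src, uint32_t len)
{
    if (dst == src)
        return COPY_FORWARD;
    if (src > dst)
        return COPY_FORWARD;
    return (dst - src < len) ? COPY_BACKWARD : COPY_FORWARD;
}

/* A 64-byte window of "memory" straddling the middle of the address space.
 * MEM_BASE is a constructed base address; byte i of mem[] lives at MEM_BASE + i. */
#define MEM_BASE 0x7FFFFFE0u
#define MEM_SIZE 64u

/* Byte-by-byte copy in the chosen direction, the way a memmove loop would do it. */
static void copy_bytes(uint8_t *mem, addr32_t dst, addr32_t src, uint32_t len, enum copy_dir dir)
{
    uint32_t d = dst - MEM_BASE, s = src - MEM_BASE;
    if (dir == COPY_FORWARD) {
        for (uint32_t i = 0; i < len; i++)
            mem[d + i] = mem[s + i];
    } else {
        for (uint32_t i = len; i-- > 0;)
            mem[d + i] = mem[s + i];
    }
}

/* Runs one move with the given direction chooser. Returns 1 if the result equals
 * what the host's memmove() produces, 0 if the copy corrupted data, and -1 if the
 * ranges fall outside the modelled window. The window is filled with the
 * constructed pattern 0, 1, 2, ... before the copy. */
static int move_matches_memmove(enum copy_dir (*choose)(addr32_t, addr32_t, uint32_t),
                                addr32_t dst, addr32_t src, uint32_t len)
{
    uint8_t mem[MEM_SIZE], ref[MEM_SIZE];
    if (dst - MEM_BASE + len > MEM_SIZE || src - MEM_BASE + len > MEM_SIZE)
        return -1;
    for (uint32_t i = 0; i < MEM_SIZE; i++)
        mem[i] = (uint8_t)i;
    memcpy(ref, mem, MEM_SIZE);
    memmove(ref + (dst - MEM_BASE), ref + (src - MEM_BASE), len);   /* oracle */
    copy_bytes(mem, dst, src, len, choose(dst, src, len));
    return memcmp(mem, ref, MEM_SIZE) == 0;
}

int main(void)
{
    /* Source range [0x7FFFFFF0, 0x80000010) spans 0x80000000; dst overlaps its upper half. */
    addr32_t src = 0x7FFFFFF0u, dst = 0x80000000u;
    uint32_t len = 32;
    printf("signed   check, crossing 0x80000000: %s\n",
           move_matches_memmove(pick_direction_signed, dst, src, len) ? "ok" : "CORRUPT");
    printf("unsigned check, crossing 0x80000000: %s\n",
           move_matches_memmove(pick_direction_unsigned, dst, src, len) ? "ok" : "CORRUPT");
    /* The same overlap entirely below the boundary: both checks agree. */
    printf("signed   check, no crossing:         %s\n",
           move_matches_memmove(pick_direction_signed, 0x7FFFFFF0u, 0x7FFFFFE0u, 32) ? "ok" : "CORRUPT");
    return 0;
}
```

The signed variant sends the crossing case down the forward path, so the second half of the destination is filled from bytes the first half has already overwritten; that is the "corrupt data being produced by the copy operation" from the advisory. The unsigned variant picks the backward copy and matches memmove(). Which of those corrupted bytes an attacker can steer, and into what, depends entirely on the caller, which is why the thread below turns on whether any i386 code on the image is reachable at all.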
Jun 26 2018
Marking this as High because it could potentially lead to code execution in any process linking glibc. Still, we need to confirm if anything uses i386 glibc on Chrome OS.
Jun 26 2018
The only place that i386 code shows up currently is in breakpad/crash-reporter, in a few tools that process crashing images from ARC++. I'm not aware of any other 32-bit code on the CrOS side.
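A way to put a number on the claim above, as an added example for this page rather than a tool from the Chrome OS tree: a small classifier that reads the ELF identification bytes and e_machine of each file and reports the ones built for 32-bit i386, which is what would be linked against the affected glibc. The sample headers at the bottom are constructed for the test and contain only the fields the classifier reads. Feeding it `find /path/to/rootfs -type f` answers whether such binaries are present on an image; it says nothing about whether they are reachable, which is the separate question argued later in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF header fields used below; values as in the ELF specification and <elf.h>
 * (defined locally so the example builds without a glibc headers). */
#define EI_CLASS      4
#define EI_DATA       5
#define ELFCLASS32    1
#define ELFDATA2LSB   1
#define E_MACHINE_OFF 18   /* e_machine follows e_ident[16] and e_type in both ELF32 and ELF64 */
#define EM_386        3

enum elf_kind { NOT_ELF = -1, OTHER_ELF = 0, ELF_I386 = 1 };

/* Classify the first bytes of a file: ELF_I386 for a 32-bit i386 object,
 * OTHER_ELF for any other ELF object, NOT_ELF if this is not an ELF header. */
static enum elf_kind classify_elf(const uint8_t *hdr, size_t n)
{
    if (n < E_MACHINE_OFF + 2 || memcmp(hdr, "\x7f" "ELF", 4) != 0)
        return NOT_ELF;
    /* e_machine is stored in the file's own byte order (EI_DATA). */
    uint16_t machine = (hdr[EI_DATA] == ELFDATA2LSB)
        ? (uint16_t)(hdr[E_MACHINE_OFF] | (hdr[E_MACHINE_OFF + 1] << 8))
        : (uint16_t)((hdr[E_MACHINE_OFF] << 8) | hdr[E_MACHINE_OFF + 1]);
    return (hdr[EI_CLASS] == ELFCLASS32 && machine == EM_386) ? ELF_I386 : OTHER_ELF;
}

/* Same classification for a path; NOT_ELF also when the file cannot be opened. */
static enum elf_kind classify_path(const char *path)
{
    uint8_t hdr[E_MACHINE_OFF + 2];
    FILE *f = fopen(path, "rb");
    if (!f)
        return NOT_ELF;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return classify_elf(hdr, n);
}

/* Constructed sample headers (not taken from any real binary): magic, EI_CLASS,
 * EI_DATA, EI_VERSION, padding, e_type = ET_EXEC, then e_machine. */
static const uint8_t SAMPLE_I386[20]   = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 3,0};
static const uint8_t SAMPLE_X86_64[20] = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 62,0};
static const uint8_t SAMPLE_ARM32[20]  = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 40,0};
static const uint8_t SAMPLE_SCRIPT[]   = "#!/bin/sh\n";

int main(int argc, char **argv)
{
    /* Usage: ./elfscan FILE...   prints every argument that is a 32-bit i386 ELF. */
    for (int i = 1; i < argc; i++)
        if (classify_path(argv[i]) == ELF_I386)
            printf("%s\n", argv[i]);
    return 0;
}
```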
Jun 27 2018
So long as glibc for i386 is in the image, this is exploitable, so does it not being used in many places mitigate anything?
Jun 27 2018
The existence of buggy code in the rootfs does not mean the device is exploitable if the code is unreachable. We all agree this bug should be fixed; it's just a question of whether it needs to be fixed yesterday, or whether Yunlian can schedule it in as part of his current glibc upgrade work. I think the latter is OK.
Jun 28 2018
I will put the fix in the glibc upgrade, which should happen next quarter.
Jul 6
I have put the fix in the CL to upgrade glibc: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/1022974
Jul 21
yunlian: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Aug 4
yunlian: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Aug 20
We commit ourselves to a 60 day deadline for fixing high severity vulnerabilities, and have exceeded it here. If you're unable to look into this soon, could you please find another owner or remove yourself so that this gets back into the security triage queue? For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Aug 21
Looks like the glibc update is still pending. Should we just land the patch in the existing copy of glibc?
Aug 27
Hi folks, still trying to figure out if waiting for the glibc uprev is the right way to go.
Aug 27
I will backport this patch to current glibc this week.
Aug 27
jorgelo@: my apologies for not responding to this before. Yunlian was on vacation (until today) and I did not get the updates to this bug (because of restrict-view-securityTeam). Next time please ping me directly.
Aug 28
That's OK, it's no biggie. Don't worry about it. We'll make sure to CC the right people going forward.
Aug 30
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/73f32d12995da205eb6c59e22ebf787bd64d56c7

commit 73f32d12995da205eb6c59e22ebf787bd64d56c7
Author: Yunlian Jiang <yunlian@google.com>
Date: Thu Aug 30 21:42:03 2018

glibc: fix CVE-2017-18269

This backports upstream patch to fix the CVE-2017-18269
The upstream commit is
commit cd66c0e584c6d692bc8347b5e72723d02b8a8ada
Author: Andrew Senkevich <andrew.n.senkevich@gmail.com>
Date: Fri Mar 23 16:19:45 2018 +0100

Fix i386 memmove issue ( bug 22644 ).

[BZ #22644]

BUG=chromium:855008
TEST=sudo emerge glibc

Change-Id: Ibdfe8f9ea1aa5aeeb7834efb252153b64949fc4f
Reviewed-on: https://chromium-review.googlesource.com/1194643
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[rename] https://crrev.com/73f32d12995da205eb6c59e22ebf787bd64d56c7/sys-libs/glibc/glibc-2.23-r19.ebuild
[add] https://crrev.com/73f32d12995da205eb6c59e22ebf787bd64d56c7/sys-libs/glibc/files/local/glibc-2.23-i386-memmove.patch
Dec 12
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by vapier@chromium.org, Jun 21 2018
Components: Tools>ChromeOS-Toolchain