From 7dead2d634af823369b7ec44d60d7bb8f1ff4b00 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 19 Sep 2023 09:52:00 -0400 Subject: [PATCH] CVE-2023-4813: Work around RHEL-8 limitation in test Resolves: RHEL-2435 --- glibc-RHEL-2435-2.patch | 22 ++++++++++++++++++++++ glibc.spec | 6 +++++- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 glibc-RHEL-2435-2.patch diff --git a/glibc-RHEL-2435-2.patch b/glibc-RHEL-2435-2.patch new file mode 100644 index 0000000..8d2a8de --- /dev/null +++ b/glibc-RHEL-2435-2.patch @@ -0,0 +1,22 @@ +Work around in the test case, the fact that RHEL-8 NSS modules +infrastructure incorrectly allows merging in the hosts database. This +is a RHEL-8 only fix. + +diff --git a/nss/tst-nss-gai-actions.c b/nss/tst-nss-gai-actions.c +index efca6cd1837a172a..c35e752896eceb2a 100644 +--- a/nss/tst-nss-gai-actions.c ++++ b/nss/tst-nss-gai-actions.c +@@ -87,6 +87,13 @@ do_one_test (int action, int family, bool canon) + case ACTION_MERGE: + if (ret == 0) + { ++ if (hints.ai_flags == 0 && hints.ai_family == AF_INET) ++ { ++ printf ("***** RHEL-8 limitation: " ++ "NSS modules infrastructure incorrectly allows MERGE\n"); ++ return; ++ } ++ + char *formatted = support_format_addrinfo (ai, ret); + + printf ("merge unexpectedly succeeded:\n %s\n", formatted); diff --git a/glibc.spec b/glibc.spec index ae8a24a..9fc4acb 100644 --- a/glibc.spec +++ b/glibc.spec @@ -132,7 +132,7 @@ end \ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: %{glibcrelease}.3 +Release: %{glibcrelease}.4 # In general, GPLv2+ is used by programs, LGPLv2+ is used for # libraries. @@ -1055,6 +1055,7 @@ Patch862: glibc-rh2233338-5.patch Patch863: glibc-rh2233338-6.patch Patch864: glibc-rh2234714.patch Patch865: glibc-RHEL-2435.patch +Patch866: glibc-RHEL-2435-2.patch ############################################################################## # Continued list of core "glibc" package information: @@ -2885,6 +2886,9 @@ fi %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %changelog +* Tue Sep 19 2023 Siddhesh Poyarekar - 2.28-236.4 +- CVE-2023-4813: Work around RHEL-8 limitation in test (RHEL-2435) + * Fri Sep 15 2023 Siddhesh Poyarekar - 2.28-236.3 - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435)