ArchLinux: 201911-3: glibc: information disclosure

    Date: 04 Nov 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package glibc before version 2.30-1 is vulnerable to information disclosure.
    Arch Linux Security Advisory ASA-201911-3
    =========================================
    
    Severity: High
    Date    : 2019-11-03
    CVE-ID  : CVE-2019-9169
    Package : glibc
    Type    : information disclosure
    Remote  : No
    Link    : https://security.archlinux.org/AVG-855
    
    Summary
    =======
    
    The package glibc before version 2.30-1 is vulnerable to information
    disclosure.
    
    Resolution
    ==========
    
    Upgrade to 2.30-1.
    
    # pacman -Syu "glibc>=2.30-1"
    
    The problem has been fixed upstream in version 2.30.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    In the GNU C Library (aka glibc or libc6) through 2.29,
    proceed_next_node in posix/regexec.c has a heap-based buffer over-read
    via an attempted case-insensitive regular-expression match.
    
    Impact
    ======
    
    An attacker is able to use malicious regular expressions to get access
    to sensitive information.
    
    References
    ==========
    
    https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9
    https://sourceware.org/bugzilla/show_bug.cgi?id=24114
    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
    https://security.archlinux.org/CVE-2019-9169
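
A post-upgrade check for the Resolution step above, as an added example that is not part of the Arch advisory: it compares a glibc package version with the fixed version 2.30-1 and lists processes that still map a libc file replaced on disk, since those keep running the old code until they are restarted. The function names are hypothetical; `vercmp` is the comparison tool shipped with pacman, and the `sort -V` fallback is an assumption for hosts without it.

```sh
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
FIXED_VERSION="2.30-1"   # fixed package version stated in ASA-201911-3

# version_is_fixed VERSION: succeeds when VERSION >= FIXED_VERSION.
version_is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
    else
        # Assumption: without pacman, GNU "sort -V" is close enough for
        # plain pkgver-pkgrel strings (constructed sample: 2.29-4).
        lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED_VERSION" ]
    fi
}

# maps_has_stale_libc FILE: succeeds when a /proc/PID/maps style file shows a
# libc mapping whose file was replaced on disk ("(deleted)" suffix).
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_pids: print PIDs still running the pre-upgrade libc.
# Run as root to see processes owned by other users.
list_stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            pid=${maps#/proc/}
            echo "${pid%/maps}"
        fi
    done
}

check_host() {
    installed=$(pacman -Q glibc 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || { echo "glibc not found via pacman" >&2; return 2; }
    if version_is_fixed "$installed"; then
        echo "glibc $installed: at or above $FIXED_VERSION"
    else
        echo "glibc $installed: vulnerable, upgrade to $FIXED_VERSION"
    fi
    stale=$(list_stale_pids | tr '\n' ' ')
    [ -z "$stale" ] || echo "restart needed, old libc still mapped by: $stale"
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on the host after the upgrade. Statically linked binaries carry their own copy of the regex code and are not covered by either check.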
    