unofficial mirror of bug-guix@gnu.org 
* bug#70581: PHP, glibc, and CVE-2024-2961
@ 2024-04-26  6:44 McSinyx via Bug reports for GNU Guix
  2024-04-26  7:20 ` Liliana Marie Prikler
  0 siblings, 1 reply; 2+ messages in thread
From: McSinyx via Bug reports for GNU Guix @ 2024-04-26  6:44 UTC (permalink / raw)
  To: 70581

Hello Guix,

Last week, an overflow bug in glibc's iconv(3) was discovered:
https://www.openwall.com/lists/oss-security/2024/04/17/9

It may enable remote code execution through PHP.  Due to
the immutable nature of Guix, is it possible to hotpatch
this using a graft, or do we need to rebuild the world?
https://rockylinux.org/news/glibc-vulnerability-april-2024/

Kind regards,
McSinyx





* bug#70581: PHP, glibc, and CVE-2024-2961
  2024-04-26  6:44 bug#70581: PHP, glibc, and CVE-2024-2961 McSinyx via Bug reports for GNU Guix
@ 2024-04-26  7:20 ` Liliana Marie Prikler
  0 siblings, 0 replies; 2+ messages in thread
From: Liliana Marie Prikler @ 2024-04-26  7:20 UTC (permalink / raw)
  To: McSinyx, 70581; +Cc: guix-security

Hi McSinyx,

security-relevant bugs ought to go to <guix-security@gnu.org>, see [1].
Since a patch exists for glibc all the way back to 2.30, I suppose a
graft can be used and should be performed timely. 

Cheers

[1] https://guix.gnu.org/en/security/




