FEDORA-2024-07597a0fb3

Packages in this update:

glibc-2.37-18.fc38

Update description:

Security fix for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780.

CVE-2023-6246: __vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.

CVE-2023-6779: __vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation. If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.

CVE-2023-6780: __vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.

Read More