PHP, glibc, and CVE-2024-2961

Details

2 participants

Recipients:(address . bug-guix@gnu.org)

Message-ID:D0TUHV4220TM.G0XZHTPBKVOQ@guix

Hello Guix,

Last week, an overflow bug in glibc's iconv(3) was discovered:

It may enable remove code execution through PHP. Due to

the immutable nature of Guix, is it possible to hotpatch

this using graft, or do we need to rebuild to world?

Kind regards,

McSinyx

Liliana Marie Prikler wrote on 26 Apr 09:20 +0200

Recipients:(address . guix-security@gnu.org)

Message-ID:d3ec3ac455aa73747b9451100ed10f31ca65f64d.camel@ist.tugraz.at

Hi McSinyx,

security-relevant bugs ought to go to <guix-security@gnu.org>, see [1].

Since a patch exists for glibc all the way back to 2.30, I suppose a

graft can be used and should be performed timely.

Cheers

Your comment

Commenting via the web interface is currently disabled.