Security fix for CVE-2023-4911, CVE-2023-4806, and CVE-2023-4527.
CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment of a setuid program and NAME is valid, it may result in a buffer overflow, which could be exploited to achieve escalated privileges. This flaw was introduced in glibc 2.34.
CVE-2023-4806: When an NSS plugin only implements the _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use memory that was freed during buffer resizing, potentially causing a crash or read or write to arbitrary memory.
CVE-2023-4527: If the system is configured in no-aaaa mode via /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address family, and a DNS response is received over TCP that is larger than 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-028062484ePlease login to add feedback.
This update has been submitted for testing by codonell.
This update's test gating status has been changed to 'waiting'.
adamwill edited this update.
adamwill edited this update.
This update's test gating status has been changed to 'passed'.
This update's test gating status has been changed to 'failed'.
This update has been pushed to testing.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'failed'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
I just waived the automated test failures, but I don't see my waiver comment here, so:
The scratch build validation failure is an strace build failure that also occurs on baseline; waived The debugging symbols in libc.so.6 and ld.so is expected; waived The cope build validation failure seems to be an infrastructure issue; waived
These are identical to the failures seen on the f38 update.
Just installed the update and rebooted the system. everything is working as expected!
Tested manually. LGTM.
This update can be pushed to stable now if the maintainer wishes
Seems to be working here on aarch64.
This update has been submitted for stable by bodhi.
Smoke test passed for me on x86_64.
This update has been pushed to stable.