GNU bug report logs - #70581
PHP, glibc, and CVE-2024-2961

Previous Next

Package: guix;

Reported by: "McSinyx" <cnx <at> loang.net>

Date: Fri, 26 Apr 2024 06:46:07 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: "McSinyx" <cnx <at> loang.net>
To: 70581 <at> debbugs.gnu.org
Subject: bug#70581: PHP, glibc, and CVE-2024-2961
Date: Fri, 26 Apr 2024 15:44:50 +0900

Hello Guix,

Last week, an overflow bug in glibc's iconv(3) was discovered:
https://www.openwall.com/lists/oss-security/2024/04/17/9

It may enable remove code execution through PHP.  Due to
the immutable nature of Guix, is it possible to hotpatch
this using graft, or do we need to rebuild to world?
https://rockylinux.org/news/glibc-vulnerability-april-2024/

Kind regards,
McSinyx

This bug report was last modified 212 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #70581 PHP, glibc, and CVE-2024-2961

GNU bug report logs - #70581
PHP, glibc, and CVE-2024-2961