Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-83527

glibc: Backport upstream test for CVE-2025-0395 [rhel-9]

XMLWordPrintable

    • glibc-2.34-179.el9
    • Low
    • ZStream
    • cdb9ba84191ce72e86346fb8b1d906e7cd930ea2
    • 3
    • rhel-sst-pt-libraries
    • ssg_platform_tools
    • 1
    • False
    • Hide

      None

      Show
      None
    • Yes
    • PT Libraries 2025 S03, PT Libraries 2025 S04, PT Libraries 2025 S05
    • Approved Blocker
    • Enhancement
    • Hide
      Feature, enhancement:
      Reason:
      Result:
      Show
      Feature, enhancement: Reason: Result:
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Upstream added a test case for CVE-2025-0395, which we should backport:

      commit cdb9ba84191ce72e86346fb8b1d906e7cd930ea2
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Fri Jan 31 12:16:30 2025 -0500

    assert: Add test for CVE-2025-0395
    
    Use the __progname symbol to override the program name to induce the
    failure that CVE-2025-0395 describes.
    
    This is related to BZ #32582
    
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

      Note: Not requesting backports to rhel-9.5.z and earlier, for those branches the backport will be handled as part of the vulnerability ticket.

              skolosov@redhat.com Sergey Kolosov
              fweimer@redhat.com Florian Weimer
              Arjun Shankar
              Platform Tools - Libraries Bot Platform Tools - Libraries Bot
              qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated: