[{"id":3683108,"web_url":"http://patchwork.ozlabs.org/comment/3683108/","msgid":"<lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>","list_archive_url":null,"date":"2026-04-28T04:45:04","subject":"Re: [to-be-committed] Document CVE-2026-6238","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/people/14312/","name":"Florian Weimer","email":"fweimer@redhat.com"},"content":"* Siddhesh Poyarekar:\n\n> Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>\n> ---\n>  advisories/GLIBC-SA-2026-0012 | 18 ++++++++++++++++++\n>  1 file changed, 18 insertions(+)\n>  create mode 100644 advisories/GLIBC-SA-2026-0012\n>\n> diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\n> new file mode 100644\n> index 0000000000..29498d905e\n> --- /dev/null\n> +++ b/advisories/GLIBC-SA-2026-0012\n> 
@@ -0,0 +1,18 @@\n> +Buffer overread in ns_printrrf with corrupted RDATA field\n> +\n> +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n> +GNU C Library version 2.2 and newer fail to validate the RDATA content\n> +against the RDATA length in a DNS response when processing LOC, CERT,\n> +TKEY or TSIG records, which may allow an attacker to craft a DNS\n> +response, causing a target application to crash or read uninitialized\n> +memory.\n\nNote that this code was present in glibc before 2.2.\n\n        case T_LOC: {\n                char t[255];\n\n                (void) fprintf(file, \"\\t%s\", loc_ntoa(cp, t));\n                cp += dlen;\n                break;\n            }\n\nIt's in the tree that is tagged glibc-1.90.  This was when printing\ndirectly went to a stream, instead of supporting output to a buffer.\n\n> +These functions are for debugging only and hence not in the default path\n> +of code executed by the DNS resolver.  Further, they have been\n> +deprecated since version 2.34 and should not be used by any new\n> +applications.  Applications should consider porting away from these\n> +interfaces since they may be removed in future versions.\n\nDrop the “default”, maybe say “application debugging”?  
The proposed\nwording makes it sound like it's configurable to be on the execution\npath, which is I believe not the case.\n\nThanks,\nFlorian","headers":{"From":"Florian Weimer <fweimer@redhat.com>","To":"Siddhesh Poyarekar <siddhesh@gotplt.org>","Cc":"libc-alpha@sourceware.org,  carlos@redhat.com","Subject":"Re: [to-be-committed] Document CVE-2026-6238","In-Reply-To":"<20260427223127.119107-1-siddhesh@gotplt.org> (Siddhesh\n Poyarekar's message of \"Mon, 27 Apr 2026 18:31:27 -0400\")","References":"<20260427223127.119107-1-siddhesh@gotplt.org>","Date":"Tue, 28 Apr 2026 06:45:04 +0200","Message-ID":"<lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>"}},{"id":3683406,"web_url":"http://patchwork.ozlabs.org/comment/3683406/","msgid":"<d26fa4be-7a9a-4872-a1a2-f89654ca2417@redhat.com>","list_archive_url":null,"date":"2026-04-28T11:45:40","subject":"Re: [to-be-committed] Document CVE-2026-6238","submitter":{"id":22438,"url":"http://patchwork.ozlabs.org/api/people/22438/","name":"Carlos O'Donell","email":"carlos@redhat.com"},"content":"On 4/28/26 12:45 AM, Florian Weimer wrote:\n> * Siddhesh Poyarekar:\n> \n>> Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>\n>> ---\n>>   advisories/GLIBC-SA-2026-0012 | 18 ++++++++++++++++++\n>>   1 file changed, 18 insertions(+)\n>>   create mode 100644 advisories/GLIBC-SA-2026-0012\n>>\n>> diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\n>> new file mode 100644\n>> index 0000000000..29498d905e\n>> --- /dev/null\n>> +++ b/advisories/GLIBC-SA-2026-0012\n>> 
@@ -0,0 +1,18 @@\n>> +Buffer overread in ns_printrrf with corrupted RDATA field\n>> +\n>> +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n>> +GNU C Library version 2.2 and newer fail to validate the RDATA content\n>> +against the RDATA length in a DNS response when processing LOC, CERT,\n>> +TKEY or TSIG records, which may allow an attacker to craft a DNS\n>> +response, causing a target application to crash or read uninitialized\n>> +memory.\n> \n> Note that this code was present in glibc before 2.2.\n> \n>          case T_LOC: {\n>                  char t[255];\n> \n>                  (void) fprintf(file, \"\\t%s\", loc_ntoa(cp, t));\n>                  cp += dlen;\n>                  break;\n>              }\n> \n> It's in the tree that is tagged glibc-1.90.\n\nMay you please propose a different Vulnerable-Commit with updated text?\n\nWe can keep updating the advisories with more accurate information as\nwe receive it from reviewers.","headers":{"Message-ID":"<d26fa4be-7a9a-4872-a1a2-f89654ca2417@redhat.com>","Date":"Tue, 28 Apr 2026 07:45:40 -0400","Subject":"Re: [to-be-committed] Document CVE-2026-6238","To":"Florian Weimer <fweimer@redhat.com>,\n Siddhesh Poyarekar <siddhesh@gotplt.org>","Cc":"libc-alpha@sourceware.org","References":"<20260427223127.119107-1-siddhesh@gotplt.org>\n <lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>","From":"Carlos O'Donell <carlos@redhat.com>","In-Reply-To":"<lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>"}},{"id":3683420,"web_url":"http://patchwork.ozlabs.org/comment/3683420/","msgid":"<lhuik9bwaev.fsf@oldenburg.str.redhat.com>","list_archive_url":null,"date":"2026-04-28T12:12:56","subject":"Re: [to-be-committed] Document CVE-2026-6238","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/people/14312/","name":"Florian Weimer","email":"fweimer@redhat.com"},"content":"* Carlos O'Donell:\n\n> On 4/28/26 12:45 AM, Florian Weimer wrote:\n>> * Siddhesh Poyarekar:\n>> \n>>> Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>\n>>> ---\n>>>   advisories/GLIBC-SA-2026-0012 | 18 ++++++++++++++++++\n>>>   1 file changed, 18 insertions(+)\n>>>   create mode 100644 advisories/GLIBC-SA-2026-0012\n>>>\n>>> diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\n>>> new file mode 100644\n>>> index 0000000000..29498d905e\n>>> --- /dev/null\n>>> +++ b/advisories/GLIBC-SA-2026-0012\n>>> 
@@ -0,0 +1,18 @@\n>>> +Buffer overread in ns_printrrf with corrupted RDATA field\n>>> +\n>>> +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n>>> +GNU C Library version 2.2 and newer fail to validate the RDATA content\n>>> +against the RDATA length in a DNS response when processing LOC, CERT,\n>>> +TKEY or TSIG records, which may allow an attacker to craft a DNS\n>>> +response, causing a target application to crash or read uninitialized\n>>> +memory.\n>> Note that this code was present in glibc before 2.2.\n>>          case T_LOC: {\n>>                  char t[255];\n>>                  (void) fprintf(file, \"\\t%s\", loc_ntoa(cp, t));\n>>                  cp += dlen;\n>>                  break;\n>>              }\n>> It's in the tree that is tagged glibc-1.90.\n>\n> May you please propose a different Vulnerable-Commit with updated text?\n>\n> We can keep updating the advisories with more accurate information as\n> we receive it from reviewers.\n\nIt's not helpful because of the imperfect CVS conversion:\n\ncommit ee188d555b8c32ad9704a7440cab400af967292f\nAuthor: Roland McGrath <roland@gnu.org>\nDate:   Wed Jun 5 01:07:21 1996 +0000\n\nThanks,\nFlorian","headers":{"From":"Florian Weimer <fweimer@redhat.com>","To":"Carlos O'Donell <carlos@redhat.com>","Cc":"Siddhesh Poyarekar <siddhesh@gotplt.org>,  libc-alpha@sourceware.org","Subject":"Re: [to-be-committed] Document CVE-2026-6238","In-Reply-To":"<d26fa4be-7a9a-4872-a1a2-f89654ca2417@redhat.com> (Carlos\n O'Donell's message of \"Tue, 28 Apr 2026 07:45:40 -0400\")","References":"<20260427223127.119107-1-siddhesh@gotplt.org>\n <lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>\n <d26fa4be-7a9a-4872-a1a2-f89654ca2417@redhat.com>","Date":"Tue, 28 Apr 2026 14:12:56 +0200","Message-ID":"<lhuik9bwaev.fsf@oldenburg.str.redhat.com>"}},{"id":3683453,"web_url":"http://patchwork.ozlabs.org/comment/3683453/","msgid":"<87mrynrzqr.fsf@igel.home>","list_archive_url":null,"date":"2026-04-28T13:17:00","subject":"Re: [to-be-committed] Document CVE-2026-6238","submitter":{"id":2170,"url":"http://patchwork.ozlabs.org/api/people/2170/","name":"Andreas Schwab","email":"schwab@linux-m68k.org"},"content":"On Apr 28 2026, Florian Weimer wrote:\n\n> * Carlos O'Donell:\n>\n>> On 4/28/26 12:45 AM, Florian Weimer wrote:\n>>> * Siddhesh Poyarekar:\n>>> \n>>>> 
Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>\n>>>> ---\n>>>>   advisories/GLIBC-SA-2026-0012 | 18 ++++++++++++++++++\n>>>>   1 file changed, 18 insertions(+)\n>>>>   create mode 100644 advisories/GLIBC-SA-2026-0012\n>>>>\n>>>> diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\n>>>> new file mode 100644\n>>>> index 0000000000..29498d905e\n>>>> --- /dev/null\n>>>> +++ b/advisories/GLIBC-SA-2026-0012\n>>>> 
@@ -0,0 +1,18 @@\n>>>> +Buffer overread in ns_printrrf with corrupted RDATA field\n>>>> +\n>>>> +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n>>>> +GNU C Library version 2.2 and newer fail to validate the RDATA content\n>>>> +against the RDATA length in a DNS response when processing LOC, CERT,\n>>>> +TKEY or TSIG records, which may allow an attacker to craft a DNS\n>>>> +response, causing a target application to crash or read uninitialized\n>>>> +memory.\n>>> Note that this code was present in glibc before 2.2.\n>>>          case T_LOC: {\n>>>                  char t[255];\n>>>                  (void) fprintf(file, \"\\t%s\", loc_ntoa(cp, t));\n>>>                  cp += dlen;\n>>>                  break;\n>>>              }\n>>> It's in the tree that is tagged glibc-1.90.\n>>\n>> May you please propose a different Vulnerable-Commit with updated text?\n>>\n>> We can keep updating the advisories with more accurate information as\n>> we receive it from reviewers.\n>\n> It's not helpful because of the imperfect CVS conversion:\n>\n> commit ee188d555b8c32ad9704a7440cab400af967292f\n> Author: Roland McGrath <roland@gnu.org>\n> Date:   Wed Jun 5 01:07:21 1996 +0000\n\nIn git://repo.or.cz/glibc/history, it's commit 132922b488.\n\ncommit 132922b488\nAuthor: Roland McGrath <roland@gnu.org>\nDate:   Wed Jun 5 01:04:13 1996 +0000\n\n    Wed Jun  5 02:11:30 1996  Ulrich Drepper  <drepper@cygnus.com>\n    \n            * resolv/res_debug.c, resolv/resolv.h: Update from bind-4.3.4-T4A.","headers":{"From":"Andreas Schwab <schwab@linux-m68k.org>","To":"Florian Weimer <fweimer@redhat.com>","Cc":"Carlos O'Donell <carlos@redhat.com>,  Siddhesh Poyarekar\n <siddhesh@gotplt.org>,  libc-alpha@sourceware.org","Subject":"Re: [to-be-committed] Document CVE-2026-6238","In-Reply-To":"<lhuik9bwaev.fsf@oldenburg.str.redhat.com> (Florian Weimer's\n message of \"Tue, 28 Apr 2026 14:12:56 +0200\")","References":"<20260427223127.119107-1-siddhesh@gotplt.org>\n <lhu8qa7y9pr.fsf@oldenburg.str.redhat.com>\n <d26fa4be-7a9a-4872-a1a2-f89654ca2417@redhat.com>\n <lhuik9bwaev.fsf@oldenburg.str.redhat.com>","Date":"Tue, 28 Apr 2026 15:17:00 +0200","Message-ID":"<87mrynrzqr.fsf@igel.home>"}}]