{"id":2229256,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2229256/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/patch/20260427223127.119107-1-siddhesh@gotplt.org/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/1.1/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260427223127.119107-1-siddhesh@gotplt.org>","date":"2026-04-27T22:31:27","name":"[to-be-committed] Document CVE-2026-6238","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"b1b20f3eaa427977f3204718b79a7622c6ddd7bd","submitter":{"id":69150,"url":"http://patchwork.ozlabs.org/api/1.1/people/69150/?format=json","name":"Siddhesh Poyarekar","email":"siddhesh@gotplt.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/glibc/patch/20260427223127.119107-1-siddhesh@gotplt.org/mbox/","series":[{"id":501737,"url":"http://patchwork.ozlabs.org/api/1.1/series/501737/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=501737","date":"2026-04-27T22:31:27","name":"[to-be-committed] Document CVE-2026-6238","version":1,"mbox":"http://patchwork.ozlabs.org/series/501737/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2229256/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2229256/checks/","tags":{},"headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gotplt.org header.i=@gotplt.org header.a=rsa-sha256\n header.s=dreamhost header.b=UMBxiig6;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (2048-bit key,\n unprotected) header.d=gotplt.org header.i=@gotplt.org header.a=rsa-sha256\n header.s=dreamhost header.b=UMBxiig6","sourceware.org;\n dmarc=none (p=none dis=none) header.from=gotplt.org","sourceware.org; spf=pass smtp.mailfrom=gotplt.org","server2.sourceware.org;\n arc=pass smtp.remote-ip=23.83.214.25"],"Received":["from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4JGG6s3wz1xvV\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 08:32:06 +1000 (AEST)","from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id B3DA24B9DB4F\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 27 Apr 2026 22:32:04 +0000 (GMT)","from bumble.maple.relay.mailchannels.net\n (bumble.maple.relay.mailchannels.net [23.83.214.25])\n by sourceware.org (Postfix) with ESMTPS id A4CDB4B9DB47\n for <libc-alpha@sourceware.org>; Mon, 27 Apr 2026 22:31:43 +0000 (GMT)","from relay.mailchannels.net (localhost [127.0.0.1])\n by relay.mailchannels.net (Postfix) with ESMTP id 706198013AF;\n Mon, 27 Apr 2026 22:31:42 +0000 (UTC)","from pdx1-sub0-mail-a202.dreamhost.com\n (trex-green-8.trex.outbound.svc.cluster.local [100.97.143.133])\n (Authenticated sender: dreamhost)\n by relay.mailchannels.net (Postfix) with ESMTPA id 1F688800D4E;\n Mon, 27 Apr 2026 22:31:42 +0000 (UTC)","from pdx1-sub0-mail-a202.dreamhost.com (pop.dreamhost.com\n [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)\n by 100.97.143.133 (trex/7.1.5); Mon, 27 Apr 2026 22:31:42 +0000","from devel (unknown [38.23.181.90])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n (Authenticated sender: siddhesh@gotplt.org)\n by pdx1-sub0-mail-a202.dreamhost.com (Postfix) with ESMTPSA id 4g4JFn2S4Tz3Z;\n Mon, 27 Apr 2026 15:31:41 -0700 (PDT)"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org B3DA24B9DB4F","OpenDKIM Filter v2.11.0 sourceware.org A4CDB4B9DB47"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org A4CDB4B9DB47","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org A4CDB4B9DB47","ARC-Seal":["i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1777329103; cv=pass;\n b=sU9uhtblZCAJxQU40kim9CGo9f8BDnx1+Fs8p+67QUI5VjH5Uw7mz2h5hrsnSvnsnLrXUiHFdzm3fXnrEB9gx4TQfiZH5AHYeI4GES3RipgQQevgQ2Z6WUaxPIQ2hVyzmcZyqj5AnejQ3nMKlQgb1TmOepfOZDLV90iYkmg1RRs=","i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none;\n t=1777329102;\n b=1wkHGyJTjq/EPFuNGBDqw54sVtsz8RAih/iea2pK9tW6fG1mFb2SPHNNqkHIxboDdAdeYq\n RdxQ/V6RBbkOCkirCrPsRo8DYnOt7On5yEjn75nSq1V4Ma6MEnAP+hUX8B+OojVXopRlEr\n 0TXHC7wP/8C+ufqUYTuCzdcvuIioKC1Zej7UEmMk5y3KMj7jPDS/WPJuCr12bmtvcj04NU\n SUGQ3G1KsxBw8h0+pPptLfDajl6Kz+nskbM3TDzdXwkofnnXAkgJpoTDPuU9ktu/kBBujq\n v2oj3w3sPcdjsNXPj1ek8IbqAMrlttWeKsttr0XxSmyOZdXj+PaHlSxB7+KWhg=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=sourceware.org; s=key;\n t=1777329103; c=relaxed/simple;\n bh=j78Ipg/VF0fQ6SMF2GGWs+8+PstIPv1VNWxjfu0vM/Y=;\n h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;\n b=xAeFR9/qthKxCwtqv6HV4zT/9ZT9mIbdaJIAZdXfe5v2QveFtvi3MD1dAeQV9lTfYCaRuQ0+2JR+F9Gx51ouEvNM81xRgrlsW3J34GFwjuYtmd4h0jn/I2ICH9Z8vQbfj1z5zOfL3934UwLCGgspI8RB/qUFoiIbWZj9jsqmCUo=","i=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mailchannels.net; s=arc-2022; t=1777329102;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:dkim-signature;\n bh=wzdWQiXNJ+kpH4sWWY9ynI02NTbSMYEi7+9fpDJZRcY=;\n b=xyGjp6WNaqNmc543kVzeLvxnAHhSfy9sphtiGf5o3SZ+YMmYJelSVoeqZcjOQgEcETJLOU\n Jcv0IbD2wfPKHPnY6JkamPU5xtfOTMZ3ymuzmNUD1Jtpeucnq0+hXBblb6WKUcppNQS3Gy\n bC+z5Tjy3uHkIjY0zs/MzYahQaXO+kdho9gyMSi9kMhCNUlac5HWoXG+tSdtGj32X7MQkU\n ZKnPhshRkVQpajhZvBvPsUkwOdqTSTOq2/xpVsoCgrYUhQmaPmmi+f1SzETDRDyWe45hX+\n goHtm83x/s5JInVy2mbrKpr0NyyBkMB4CDcyVWHvkSvDraVCS4PReMyxvRQLPg=="],"ARC-Authentication-Results":["i=2; server2.sourceware.org","i=1; rspamd-55bb47d7db-dp946;\n auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org"],"X-Sender-Id":["dreamhost|x-authsender|siddhesh@gotplt.org","dreamhost|x-authsender|siddhesh@gotplt.org"],"X-MC-Relay":"Neutral","X-MailChannels-SenderId":"dreamhost|x-authsender|siddhesh@gotplt.org","X-MailChannels-Auth-Id":"dreamhost","X-Tank-Coil":"4916b1de30f88217_1777329102334_3898537530","X-MC-Loop-Signature":"1777329102334:2327892097","X-MC-Ingress-Time":"1777329102334","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org;\n s=dreamhost; t=1777329101;\n bh=wzdWQiXNJ+kpH4sWWY9ynI02NTbSMYEi7+9fpDJZRcY=;\n h=From:To:Cc:Subject:Date:Content-Transfer-Encoding;\n b=UMBxiig6Cqnq3XOKAJPVByLxrBJ3m6L5dYqeZunCj2VYA/gNjNJvAZGvijnDpdw+5\n /siMQ97w7bDRUnw9W6I84YyQUIXmSBtFlOgigtlAe+Wbq3Deu9xl5BLJ1gznZvu6+4\n TVl4XIf/JhKYtxkxlQrh5/r7+jVVfXDkurGoFd0TUYYVEzx3DC94jh0Wyny1Y5WX8e\n YRpqJw9JCf7nrhmBbZ3aRiEZcOYSIh29gtJLx6SeuqIUnjLmevEahLd8v5kt1zHNjr\n 4pX3TEmR0bLXbkIvE8RvfYK7FTS4yp44EuVFMPzGA/3gOPewcs4ToHhm8sRBFaWJ0z\n 1hvbT9DJEgrBA==","From":"Siddhesh Poyarekar <siddhesh@gotplt.org>","To":"libc-alpha@sourceware.org","Cc":"carlos@redhat.com,\n\tfweimer@redhat.com","Subject":"[to-be-committed] Document CVE-2026-6238","Date":"Mon, 27 Apr 2026 18:31:27 -0400","Message-ID":"<20260427223127.119107-1-siddhesh@gotplt.org>","X-Mailer":"git-send-email 2.53.0","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>\n---\n advisories/GLIBC-SA-2026-0012 | 18 ++++++++++++++++++\n 1 file changed, 18 insertions(+)\n create mode 100644 advisories/GLIBC-SA-2026-0012","diff":"diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\nnew file mode 100644\nindex 0000000000..29498d905e\n--- /dev/null\n+++ b/advisories/GLIBC-SA-2026-0012\n@@ -0,0 +1,18 @@\n+Buffer overread in ns_printrrf with corrupted RDATA field\n+\n+The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n+GNU C Library version 2.2 and newer fail to validate the RDATA content\n+against the RDATA length in a DNS response when processing LOC, CERT,\n+TKEY or TSIG records, which may allow an attacker to craft a DNS\n+response, causing a target application to crash or read uninitialized\n+memory.\n+\n+These functions are for debugging only and hence not in the default path\n+of code executed by the DNS resolver.  Further, they have been\n+deprecated since version 2.34 and should not be used by any new\n+applications.  Applications should consider porting away from these\n+interfaces since they may be removed in future versions.\n+\n+CVE-Id: CVE-2026-6238\n+Public-Date: 2026-04-11\n+Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.1.1-735)\n","prefixes":["to-be-committed"]}