2018-11-27 21:04:31 UTC
would not close an internal descriptor when processing a long interface
name. This error condition can be triggered via the getaddrinfo
function (and at least one HTTP client library).
Fixed with this upstream commit:
Author: Florian Weimer <***@redhat.com>
Date: Tue Nov 27 16:12:43 2018 +0100
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
The vulnerability was introduced in commit
2180fee114b778515b3f560e5ff1e795282e60b0 ("Check length of ifname before
copying it into to ifreq structure."), fixing bug 22442 for glibc 2.27.
Since this addressed a compiler warning with GCC 8, this commit was
backported to quite a few release branches.