From patchwork Mon Apr 27 21:52:10 2026
X-Patchwork-Submitter: Carlos O'Donell
X-Patchwork-Id: 134042
From: Carlos O'Donell
To: libc-alpha@sourceware.org, siddhesh@gotplt.org
Cc: Carlos O'Donell
Subject: [PATCH] Add advisory text for CVE-2026-5435
Date: Mon, 27 Apr 2026 17:52:10 -0400
Message-ID: <20260427215230.629899-1-carlos@redhat.com>

--- advisories/GLIBC-SA-2026-0011 | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 advisories/GLIBC-SA-2026-0011 Reviewed-by: Siddhesh Poyarekar diff --git a/advisories/GLIBC-SA-2026-0011 b/advisories/GLIBC-SA-2026-0011 new file mode 100644 index 0000000000..6c1e50fa74 --- /dev/null +++ b/advisories/GLIBC-SA-2026-0011 
@@ -0,0 +1,24 @@ +Potential buffer overflow in ns_sprintrrf TSIG handling path + +The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the +GNU C Library version 2.2 and newer fail to enforce the caller-supplied +buffer length, and can result in an out-of-bounds write when printing +TSIG records. + +A defect in the TSIG case handling within ns_sprintrrf performs a +formatted write using sprintf without checking the remaining buffer +length, and may write up to 6 bytes past the end of the buffer. If the +library is compiled with assertions, and the out-of-bounds write doesn't +terminate the process, then a subsequent check for "len <= *buflen" will +trigger an assertion failure. + +These functions are for debugging only and hence not in the default path +of code executed by the DNS resolver. Further, they have been deprecated +since version 2.34 (2021-08-02) and should not be used by any new +applications. Applications should consider porting away from these +interfaces since they may be removed in future versions. + +CVE-Id: CVE-2026-5435 +Public-Date: 2026-04-02 +Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2) +Reported-by: shinobu
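Review bot: The function names are inconsistent between the title and the first paragraph of the advisory: the title and the second paragraph say "ns_sprintrrf", while the first paragraph lists "ns_printrrf, ns_printrr and fp_nquery". Someone searching their code base for the affected symbols will grep for whatever the advisory spells out, so please use one spelling throughout, matching the one in the title if that is the intended symbol. Separately, the trailer block has CVE-Id, Public-Date, Vulnerable-Commit and Reported-by but no Fix-Commit line, and the text says only "version 2.2 and newer", so a reader cannot tell which release carries the fix; if a fix has been committed, add the Fix-Commit entry, and otherwise say in the text that the issue is unfixed at publication. It would also help to state in the second paragraph which length the "up to 6 bytes" is measured against (the caller-supplied buflen), since that is the value an application author would check.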