glibc: Fix CVE-2023-4527

author: Xi Ruoyao <xry111@xry111.site> 2023-09-13 14:31:39 +0800
committer: Xi Ruoyao <xry111@xry111.site> 2023-09-13 14:32:19 +0800
commit: 48d8f5a51d5dfe58ac6d205fa7430f364225fab2 (patch)
tree: f491e476e14b9fb4fa90a5d8d2003f536d2c7512 /chapter08
parent: c858ba4e17a445591520ddcea8b288b8e3d6db42 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index 3932a2147..c648fe129 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -55,6 +55,18 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen>
 
+    <!-- CVE-2023-4527
+         https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+         https://sourceware.org/ml/libc-alpha/2023-September/151522.html -->
+    <para>Then fix a security vulnerability exploitable when the
+    <option>no-aaaa</option> option is used in
+    <filename>/etc/resolv.conf</filename>:</para>
+
+<screen><userinput remap="pre">sed \
+  -E "/__res_context_search/\
+      {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&amp;alt_dns_packet_buffer/}" \
+  -i resolv/nss_dns/dns-host.c</userinput></screen>
+
     <para>The Glibc documentation recommends building Glibc
     in a dedicated build directory:</para>
author	Xi Ruoyao <xry111@xry111.site>	2023-09-13 14:31:39 +0800
committer	Xi Ruoyao <xry111@xry111.site>	2023-09-13 14:32:19 +0800
commit	48d8f5a51d5dfe58ac6d205fa7430f364225fab2 (patch)
tree	f491e476e14b9fb4fa90a5d8d2003f536d2c7512 /chapter08
parent	c858ba4e17a445591520ddcea8b288b8e3d6db42 (diff)