From: Florian Weimer Date: Fri, 19 Jun 2026 16:22:20 +0000 (+0200) Subject: Update GLIBC-SA-2026-0012 to mention A6 records X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1607beb5f424bff2eb84e97f013f8fda8a6ed5d4;p=thirdparty%2Fglibc.git Update GLIBC-SA-2026-0012 to mention A6 records It turns out there is a missing inner length check in it, too. Also fix the vulnerable commit. It predates the glibc 2.0 release because the old stream-based formatting code in resolv/res_debug.c had the same bug in its LOC handling. Reviewed-by: Carlos O'Donell Reviewed-by: Adhemerval Zanella --- diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012 index 6f8f00ddd7..926ca16102 100644 --- a/advisories/GLIBC-SA-2026-0012 +++ b/advisories/GLIBC-SA-2026-0012 @@ -2,7 +2,7 @@ Buffer overread in ns_printrrf with corrupted RDATA field The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content -against the RDATA length in a DNS response when processing LOC, CERT, +against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. @@ -15,4 +15,4 @@ interfaces since they may be removed in future versions. CVE-Id: CVE-2026-6238 Public-Date: 2026-04-11 -Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2) +Vulnerable-Commit: ee188d555b8c32ad9704a7440cab400af967292f (1.90)
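Review bot: In the first hunk (@@ -2,7 +2,7 @@), the unchanged context line still reads "GNU C Library version 2.2 and newer", which no longer agrees with the Vulnerable-Commit tag that this same patch moves to a (1.90) commit. Since the commit message says the bug predates the glibc 2.0 release, the version range in the summary paragraph should be updated in this change as well, so that readers who rely on the prose rather than the tag do not conclude that pre-2.2 releases are unaffected.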
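Review bot: In the second hunk (@@ -15,4 +15,4 @@), the reason for the new Vulnerable-Commit value is given only in the commit message (the old stream-based formatting code in resolv/res_debug.c had the same bug in its LOC handling), not in the advisory itself. The advisory names ns_printrrf, ns_printrr and fp_nquery and lists A6, CERT, LOC, TKEY and TSIG together, so a reader cannot tell from the file that the (1.90) origin is established through the LOC path in that older code. Consider adding a sentence to the advisory body stating this.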