Package: libc6
Version: 2.36-9
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

Installing libc6_2.36-9+deb12u1_amd64.deb on some but not all systems
results in every dynamically linked program dying with a spurious
report of stack smashing.  Getting back to a working system required
use of busybox to get bash-static and also creating a fake perl as a
shell script containing exit 0 (because /bin/true is dynamic) and
then busybox again to wget and dpkg install the 2.36-9.

I repeated this three times to be sure.

Works OK on e.g. Intel(R) Xeon(R) CPU L5520  @ 2.27GHz
Stack smashing on e.g. Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz

Preparing to unpack .../libc6_2.36-9+deb12u1_amd64.deb ...
Unpacking libc6:amd64 (2.36-9+deb12u1) over (2.36-9) ...
*** stack smashing detected ***: terminated
dpkg: error while cleaning up:
 rm command for cleanup subprocess was killed by signal (Aborted)
*** stack smashing detected ***: terminated
E: Sub-process /usr/bin/dpkg exited unexpectedly
# ls -l
*** stack smashing detected ***: terminated
Aborted
#

Both successes and failures were on multiarch systems with i386
although that does not seem to be relevant.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (2000, 'stable-updates'), (2000, 'stable-security'), (2000, 'stable')
merged-usr: no
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-10-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash-static
Init: sysvinit (via /sbin/init)

Versions of packages libc6 depends on:
ii  libgcc-s1  12.2.0-14

Versions of packages libc6 recommends:
ii  libidn2-0  2.3.3-1+b1

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.82
ii  glibc-doc              2.36-9+deb12u1
ii  libc-l10n              2.36-9+deb12u1
pn  libnss-nis             <none>
pn  libnss-nisplus         <none>
ii  locales                2.36-9

-- no debconf information
