From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Date: Tue, 06 Feb 2018 15:41:47 +0100
Message-ID: <874lmutc2c.fsf@dell.be.48ers.dk>
In-Reply-To: <20180206134647.fksog42sz7wgpq4w@tarshish> (Baruch Siach's message of "Tue, 6 Feb 2018 15:46:47 +0200")
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

Hi,

>> Possibly, yes. Let's see how much blows up on next. Do you know if (some
>> of) these issues are also fixed on the 2.26 branch?

> As far as I know all these issues are fixed in the 2.26 stable branch. See the
> NEWS file in that branch.

Ok, but only when we bump to the latest version on the 2.26 branch
- E.G.:

git diff 73a92363619e52c458146e903dfb9b1ba823aa40.. -- NEWS

  CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
  to the allocation of too much memory. (This is not a security bug per se,
  it is mentioned here only because of the CVE assignment.) Reported by
  Qualys.

  CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
  of the number of search path components. (This is not a security
  vulnerability per se because no trust boundary is crossed if the fix for
  CVE-2017-1000366 has been applied, but it is mentioned here only because
  of the CVE assignment.) Reported by Qualys.

  CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
  for AT_SECURE or SUID binaries could be used to load libraries from the
  current directory.

  CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
  succeeds without returning an absolute path due to unexpected behaviour
  of the Linux kernel getcwd syscall. Reported by halfdog.

I don't see any reference to CVE-2018-6485 though.

I'll send a patch to bump the version.

--
Bye, Peter Korsgaard