From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Date: Tue, 06 Feb 2018 15:41:47 +0100 [thread overview]
Message-ID: <874lmutc2c.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20180206134647.fksog42sz7wgpq4w@tarshish> (Baruch Siach's message of "Tue, 6 Feb 2018 15:46:47 +0200")
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
Hi,
>> Possibly, yes. Lets see how much blows up on next. Do you know if (some
>> of) these issues are also fixed on the 2.26 branch?
> As far as I know all these issues are fixed in the 2.26 stable branch. See the
> NEWS file in that branch.
Ok, but only when we bump to the latest version on the 2.26 branch
- E.G.:
git diff 73a92363619e52c458146e903dfb9b1ba823aa40.. -- NEWS
CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
to the allocation of too much memory. (This is not a security bug per se,
it is mentioned here only because of the CVE assignment.) Reported by
Qualys.
CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
of the number of search path components. (This is not a security
vulnerability per se because no trust boundary is crossed if the fix for
CVE-2017-1000366 has been applied, but it is mentioned here only because
of the CVE assignment.) Reported by Qualys.
CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.
CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
succeeds without returning an absolute path due to unexpected behaviour
of the Linux kernel getcwd syscall. Reported by halfdog.
I don't see any reference to CVE-2018-6485 though.
I'll send a patch to bump the version.
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2018-02-06 14:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-05 20:57 [Buildroot] [PATCH 1/5] package/x11r7/xlib_libxshmfence: fix build with glibc 2.27 Romain Naour
2018-02-05 20:57 ` [Buildroot] [PATCH 2/5] package/pulseaudio: only define memfd_create() if not already defined Romain Naour
2018-02-05 20:57 ` [Buildroot] [PATCH 3/5] package/libraw: rename internal powf64 Romain Naour
2018-02-05 20:57 ` [Buildroot] [PATCH 4/5] package/glibc: remove GLIBC_SRC_SUBDIR Romain Naour
2018-02-05 21:27 ` Yann E. MORIN
2018-02-05 20:57 ` [Buildroot] [PATCH 5/5] package/glibc: bump to 2.27 Romain Naour
2018-02-05 21:01 ` Baruch Siach
2018-02-05 21:16 ` Romain Naour
2018-02-05 21:41 ` Yann E. MORIN
2018-02-05 23:32 ` Peter Korsgaard
2018-02-06 4:15 ` Baruch Siach
2018-02-06 8:18 ` Arnout Vandecappelle
2018-02-06 10:50 ` Baruch Siach
2018-02-06 12:38 ` Arnout Vandecappelle
2018-02-06 13:44 ` Peter Korsgaard
2018-02-06 13:46 ` Baruch Siach
2018-02-06 14:41 ` Peter Korsgaard [this message]
2018-02-06 16:40 ` Baruch Siach
2018-02-05 21:08 ` [Buildroot] [PATCH 1/5] package/x11r7/xlib_libxshmfence: fix build with glibc 2.27 Yann E. MORIN
2018-02-06 12:43 ` Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874lmutc2c.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox