* [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch
@ 2017-12-08 7:12 Baruch Siach
2017-12-08 13:33 ` Peter Korsgaard
2017-12-27 11:44 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach @ 2017-12-08 7:12 UTC (permalink / raw)
To: buildroot
List of fixes from the 2.26 branch NEWS files:
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
suffered from a one-byte overflow during ~ operator processing (either
on the stack or the heap, depending on the length of the user name).
Reported by Tim R?hsen.
CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
of service.
CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim R?hsen.
CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/glibc/glibc.hash | 2 +-
package/glibc/glibc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash
index 4e5bc7f7bcbc..f3a6577d2a42 100644
--- a/package/glibc/glibc.hash
+++ b/package/glibc/glibc.hash
@@ -1,4 +1,4 @@
# Locally calculated (fetched from Github)
-sha256 d66b3702961c846ead2bacf17a9b5239cc1e8a43ca6e322f3637e99f276efec1 glibc-glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e.tar.gz
+sha256 0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430 glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
# Locally calculated (fetched from Github)
sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index d99b524ef9fa..cb3a84a9a779 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -11,7 +11,7 @@ GLIBC_SOURCE = glibc-$(GLIBC_VERSION).tar.gz
else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
-GLIBC_VERSION = glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e
+GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.
--
2.15.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch
2017-12-08 7:12 [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch Baruch Siach
@ 2017-12-08 13:33 ` Peter Korsgaard
2017-12-27 11:44 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-12-08 13:33 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> List of fixes from the 2.26 branch NEWS files:
> CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
> suffered from a one-byte overflow during ~ operator processing (either
> on the stack or the heap, depending on the length of the user name).
> Reported by Tim R?hsen.
> CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
> would sometimes fail to free memory allocated during ~ operator
> processing, leading to a memory leak and, potentially, to a denial
> of service.
> CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
> without GLOB_NOESCAPE, could write past the end of a buffer while
> unescaping user names. Reported by Tim R?hsen.
> CVE-2017-17426: The malloc function, when called with an object size near
> the value SIZE_MAX, would return a pointer to a buffer which is too small,
> instead of NULL. This was a regression introduced with the new malloc
> thread cache in glibc 2.26. Reported by Iain Buclaw.
> Cc: Waldemar Brodkorb <wbx@openadk.org>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch
2017-12-08 7:12 [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch Baruch Siach
2017-12-08 13:33 ` Peter Korsgaard
@ 2017-12-27 11:44 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-12-27 11:44 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> List of fixes from the 2.26 branch NEWS files:
> CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
> suffered from a one-byte overflow during ~ operator processing (either
> on the stack or the heap, depending on the length of the user name).
> Reported by Tim R?hsen.
> CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
> would sometimes fail to free memory allocated during ~ operator
> processing, leading to a memory leak and, potentially, to a denial
> of service.
> CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
> without GLOB_NOESCAPE, could write past the end of a buffer while
> unescaping user names. Reported by Tim R?hsen.
> CVE-2017-17426: The malloc function, when called with an object size near
> the value SIZE_MAX, would return a pointer to a buffer which is too small,
> instead of NULL. This was a regression introduced with the new malloc
> thread cache in glibc 2.26. Reported by Iain Buclaw.
> Cc: Waldemar Brodkorb <wbx@openadk.org>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Committed to 2017.11.x, thanks.
> ---
> package/glibc/glibc.hash | 2 +-
> package/glibc/glibc.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
> diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash
> index 4e5bc7f7bcbc..f3a6577d2a42 100644
> --- a/package/glibc/glibc.hash
> +++ b/package/glibc/glibc.hash
> @@ -1,4 +1,4 @@
> # Locally calculated (fetched from Github)
> -sha256 d66b3702961c846ead2bacf17a9b5239cc1e8a43ca6e322f3637e99f276efec1 glibc-glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e.tar.gz
> +sha256 0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430 glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
> # Locally calculated (fetched from Github)
> sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz
> diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
> index d99b524ef9fa..cb3a84a9a779 100644
> --- a/package/glibc/glibc.mk
> +++ b/package/glibc/glibc.mk
> @@ -11,7 +11,7 @@ GLIBC_SOURCE = glibc-$(GLIBC_VERSION).tar.gz
> else
> # Generate version string using:
> # git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
> -GLIBC_VERSION = glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e
> +GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
> # Upstream doesn't officially provide an https download link.
> # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
> # sometimes the connection times out. So use an unofficial github mirror.
> --
> 2.15.0
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-12-27 11:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-08 7:12 [Buildroot] [PATCH] glibc: security bump to the latest 2.26 branch Baruch Siach
2017-12-08 13:33 ` Peter Korsgaard
2017-12-27 11:44 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox