[Buildroot] [PATCH] glibc: add upstream security patches fixing CVE-2017-1000366 (stack clash)

Peter Korsgaard peter at korsgaard.com
Wed Jun 28 21:28:35 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH
 > values to manipulate the heap/stack, causing them to alias, potentially
 > resulting in arbitrary code execution.  Please note that additional
 > hardening changes have been made to glibc to prevent manipulation of stack
 > and heap memory but these issues are not directly exploitable, as such they
 > have not been given a CVE.

 > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

 > Patches are identical to upstream, except that the ChangeLog modifications
 > have been stripped.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

