[Buildroot] [PATCH] glibc: add upstream security patches fixing CVE-2017-1000366 (stack clash)
Peter Korsgaard
peter at korsgaard.com
Wed Jun 28 21:28:35 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH
> values to manipulate the heap/stack, causing them to alias, potentially
> resulting in arbitrary code execution. Please note that additional
> hardening changes have been made to glibc to prevent manipulation of stack
> and heap memory but these issues are not directly exploitable, as such they
> have not been given a CVE.
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> Patches are identical to upstream, except that the ChangeLog modifications
> have been stripped.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard