git.libre-soc.org Git - buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Tue, 6 Feb 2018 15:30:32 +0000 (16:30 +0100)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Thu, 8 Feb 2018 22:22:31 +0000 (23:22 +0100)
commit	49a698f14eab7cb87256f35125d16a08f2eaeb5c
tree	d9bb1690142cd33abae788860f1081596f82e83f	tree
parent	6ba44a70df115b643475e0085e6ad52d18eeb3ea	commit \| diff

glibc: security bump to the latest commit on 2.26 branch

Fixes the following security issues according to NEWS:

CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
to the allocation of too much memory.  (This is not a security bug per se,
it is mentioned here only because of the CVE assignment.) Reported by
Qualys.

CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation of
the number of search path components.  (This is not a security vulnerability
per se because no trust boundary is crossed if the fix for CVE-2017-1000366
has been applied, but it is mentioned here only because of the CVE
assignment.) Reported by Qualys.

CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.

CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
succeeds without returning an absolute path due to unexpected behaviour of
the Linux kernel getcwd syscall.  Reported by halfdog.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

package/glibc/glibc.hash		diff \| blob \| history
package/glibc/glibc.mk		diff \| blob \| history