NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

glibc: security bump to the latest 2.26 branch

Browse Source 
List of fixes from the 2.26 branch NEWS files:

  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
  suffered from a one-byte overflow during ~ operator processing (either
  on the stack or the heap, depending on the length of the user name).
  Reported by Tim Rühsen.

  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
  would sometimes fail to free memory allocated during ~ operator
  processing, leading to a memory leak and, potentially, to a denial
  of service.

  CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
  without GLOB_NOESCAPE, could write past the end of a buffer while
  unescaping user names.  Reported by Tim Rühsen.

  CVE-2017-17426: The malloc function, when called with an object size near
  the value SIZE_MAX, would return a pointer to a buffer which is too small,
  instead of NULL.  This was a regression introduced with the new malloc
  thread cache in glibc 2.26.  Reported by Iain Buclaw.

Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Baruch Siach 2017-12-08 09:12:56 +02:00 committed by Peter Korsgaard
parent 2c58adaa5b
commit 971ed9653e
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/glibc/glibc.hash
View File

@ -1,4 +1,4 @@
# Locally calculated (fetched from Github)
sha256 d66b3702961c846ead2bacf17a9b5239cc1e8a43ca6e322f3637e99f276efec1 glibc-glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e.tar.gz
sha256 0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430 glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
# Locally calculated (fetched from Github)
sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz

2
package/glibc/glibc.mk
View File

@ -11,7 +11,7 @@ GLIBC_SOURCE = glibc-$(GLIBC_VERSION).tar.gz
else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
GLIBC_VERSION = glibc-2.26-73-g4b692dffb95ac4812b161eb6a16113d7e824982e
GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.