1983d2e6a3
Fixes the following security issues: CVE-2022-23219: Passing an overlong file name to the clnt_create legacy function could result in a stack-based buffer overflow when using the "unix" protocol. Reported by Martin Sebor. CVE-2022-23218: Passing an overlong file name to the svcunix_create legacy function could result in a stack-based buffer overflow. CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath function could result in a memory leak and potential access of uninitialized memory. Reported by Qualys. CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd function may result in an off-by-one buffer underflow and overflow when the current working directory is longer than PATH_MAX and also corresponds to the / directory through an unprivileged mount namespace. Reported by Qualys. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
8 lines
460 B
Plaintext
8 lines
460 B
Plaintext
# Locally calculated (fetched from Github)
|
|
sha256 3c299a21468a80356b848ca341f45551616c4928a6c871e6d45cee942e8b0f24 glibc-2.34-109-gd64b08d5ba7ffbc9155630f4843cf2e271b1629c.tar.gz
|
|
|
|
# Hashes for license files
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
|
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
|
|
sha256 b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc LICENSES
|