[Buildroot] [PATCH] package/glibc: bump version for post-2.30 security fixes
Peter Korsgaard
peter at korsgaard.com
Mon Dec 23 09:27:28 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerability:
> - CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
> environment variable during program execution after a security
> transition, allowing local attackers to restrict the possible mapping
> addresses for loaded libraries and thus bypass ASLR for a setuid
> program. Reported by Marcin Kościelnicki.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.11.x, thanks.
For 2019.02.x I will instead bump the 2.28.x version for the same fix.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list