| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2017-12133 CVE-2017-16997 CVE-2018-6551
Glibc in the upstream pyro is 2.25.
Reference:
CVE-2017-12133 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
CVE-2017-16997 https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=21c5d14bfb4e08bee86f94fd815535d3be2c3869
CVE-2018-6551 https://sourceware.org/git/?p=glibc.git;a=patch;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
Change-Id: I16492f0713f8134cf31597d2f38ab039c277d77c
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes memory leak in sunrpc when decoding malformed XDR
References:
https://security-tracker.debian.org/tracker/CVE-2017-8804
Upstream patch:
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DNS stub resolver in the glibc or libc6 before version 2.26,
when EDNS support is enabled, will solicit large UDP responses
from name servers, potentially simplifying off-path DNS
spoofing attacks due to IP fragmentation.
Reference:
https://security-tracker.debian.org/tracker/CVE-2017-12132
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
glibc contains a vulnerability that allows specially crafted
LD_LIBRARY_PATH values to manipulate the heap/stack, causing
them to alias, potentially resulting in arbitrary code execution.
Reference:
https://security-tracker.debian.org/tracker/CVE-2017-1000366
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|