glibc: CVE-2015-8777

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) References: https://sourceware.org/bugzilla/show_bug.cgi?id=18928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8777 Reproducing steps available at: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html CVE request: http://seclists.org/oss-sec/2015/q3/504 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2016-02-03 11:59:16 +0100
committer: Tudor Florea <tudor.florea@enea.com> 2016-02-03 22:21:58 +0100
commit: 1ad606237b61bc851e25976ba69f458374287f78 (patch)
tree: a8897c5c0c1331b16c479dea43e9b16ab8539547 /meta/recipes-core/glibc/glibc_2.20.bb
parent: a3b82f660c689b3310f1c1d9197cfd7494cc8e5e (diff)
download: poky-1ad606237b61bc851e25976ba69f458374287f78.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index 4b0e927bfa..7bf4dbabf7 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -52,6 +52,7 @@ CVEPATCHES = "\
        file://CVE-2014-9761_1.patch \
        file://CVE-2014-9761_2.patch \
        file://CVE-2015-8776.patch \
+        file://CVE-2015-8777.patch \
    "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
author	Sona Sarmadi <sona.sarmadi@enea.com>	2016-02-03 11:59:16 +0100
committer	Tudor Florea <tudor.florea@enea.com>	2016-02-03 22:21:58 +0100
commit	1ad606237b61bc851e25976ba69f458374287f78 (patch)
tree	a8897c5c0c1331b16c479dea43e9b16ab8539547 /meta/recipes-core/glibc/glibc_2.20.bb
parent	a3b82f660c689b3310f1c1d9197cfd7494cc8e5e (diff)
download	poky-1ad606237b61bc851e25976ba69f458374287f78.tar.gz

diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb index 4b0e927bfa..7bf4dbabf7 100644 --- a/meta/recipes-core/glibc/glibc_2.20.bb +++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -52,6 +52,7 @@ CVEPATCHES = "\
52	file://CVE-2014-9761_1.patch \	52	file://CVE-2014-9761_1.patch \
53	file://CVE-2014-9761_2.patch \	53	file://CVE-2014-9761_2.patch \
54	file://CVE-2015-8776.patch \	54	file://CVE-2015-8776.patch \
		55	file://CVE-2015-8777.patch \
55	"	56	"
56	LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \	57	LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
57	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \	58	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \