diff options
author | Mike Crowe <mac@mcrowe.com> | 2023-10-05 21:40:30 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-06 05:41:57 -1000 |
commit | 278d77034e08df0d49860705aa72d91e4af73d61 (patch) | |
tree | 30e6edd3ed7bed0755584827c41aa5d31695e153 /meta/recipes-extended | |
parent | c0535262c8799c687fb0d5bdd7d1182ce768e3d5 (diff) | |
download | poky-278d77034e08df0d49860705aa72d91e4af73d61.tar.gz |
glibc: Fix CVE-2023-4911 "Looney Tunables"
Take the patch from the source for Debian's glibc 2.31-13+deb11u7
package, the changelog for which starts with:
glibc (2.31-13+deb11u7) bullseye-security; urgency=medium
* debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
dynamic loader's processing of the GLIBC_TUNABLES environment variable
(CVE-2023-4911).
This addresses the "Looney Tunables" vulnerability described at
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
(From OE-Core rev: 9a800a2e2c2b14eab8c1f83cb4ac3b94a70dd23c)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-extended')
0 files changed, 0 insertions, 0 deletions