glibc: Fix CVE-2023-4911 "Looney Tunables" - linux/poky.git

diff options

author	Mike Crowe <mac@mcrowe.com>	2023-10-05 21:40:30 +0100
committer	Steve Sakoman <steve@sakoman.com>	2023-10-06 05:41:57 -1000
commit	278d77034e08df0d49860705aa72d91e4af73d61 (patch)
tree	30e6edd3ed7bed0755584827c41aa5d31695e153 /meta/recipes-extended
parent	c0535262c8799c687fb0d5bdd7d1182ce768e3d5 (diff)
download	poky-278d77034e08df0d49860705aa72d91e4af73d61.tar.gz

glibc: Fix CVE-2023-4911 "Looney Tunables"

Take the patch from the source for Debian's glibc 2.31-13+deb11u7 package, the changelog for which starts with: glibc (2.31-13+deb11u7) bullseye-security; urgency=medium * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable (CVE-2023-4911). This addresses the "Looney Tunables" vulnerability described at https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt (From OE-Core rev: 9a800a2e2c2b14eab8c1f83cb4ac3b94a70dd23c) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-extended')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: