[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27429: Stack clash (CVE-2017-1000366 etc)
From: |
Leo Famulari |
Subject: |
bug#27429: Stack clash (CVE-2017-1000366 etc) |
Date: |
Mon, 19 Jun 2017 20:49:20 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On the glibc bugs (CVE-2016-1000366), civodul said:
[21:02:26] <civodul> lfam: i *think* GuixSD is immune to the
LD_LIBRARY_PATH one, FWIW
[...]
[21:02:43] <civodul> lfam: because of the way is_trusted_path works
in glibc
https://gnunet.org/bot/log/guix/2017-06-19#T1422600
Relevant upstream commits:
CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
ld.so: Reject overly long LD_PRELOAD path elements
https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8
ld.so: Reject overly long LD_AUDIT path elements:
https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9
signature.asc
Description: PGP signature
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc),
Leo Famulari <=
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22