[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27429: Stack clash (CVE-2017-1000366 etc)
From: |
Mark H Weaver |
Subject: |
bug#27429: Stack clash (CVE-2017-1000366 etc) |
Date: |
Fri, 23 Jun 2017 16:03:24 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Leo Famulari <address@hidden> writes:
> On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
>> Most packages are linked with 'glibc-final' in (gnu packages
>> commencement), and we should expect them to now be linked with *its*
>> replacement. Try this to find the expected glibc-final replacement:
>>
>> ./pre-inst-env guix build -e '((@@ (guix packages) package-replacement)
>> (@@ (gnu packages commencement) glibc-final))'
>
> Thank you for the clarification. Indeed, with Efraim's latest patch,
> packages seem to be referring to the replacement for glibc-final.
That's good news!
> So, do we think this patch is ready to apply? AFAIK, nobody has yet
> tried upgrading a GuixSD system with this patch. I won't have access to
> my bare-metal GuixSD system for the next few days.
I think someone should try reconfiguring their GuixSD system and booting
into it before we apply it to master. I might be able to do it tonight,
or else I can do it tomorrow.
Mark
- bug#27429: Stack clash (CVE-2017-1000366 etc), (continued)
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc),
Mark H Weaver <=
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/24
- bug#27429: Stack clash (CVE-2017-1000366 etc), Ludovic Courtès, 2017/06/26
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/26
- bug#27429: Stack clash (CVE-2017-1000366 etc), Ludovic Courtès, 2017/06/27
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/28
bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/19
bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check, Danny Milosavljevic, 2017/06/25