mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

glibc: CVE-2017-15670

Browse Source 
Source: git://sourceware.org/git/glibc.git
MR: 76647
Type: Security Fix
Disposition: Backport from glibc-2.27
ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b
Description:

CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
Affects: glibc < 2.27

(From OE-Core rev: 25bd45375fd90489a3d80955b2f0f7c800e9fc9a)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Thiruvadi Rajaraman
2017-11-16 18:31:26 +05:30
committed by Richard Purdie
parent b6a0e9dd64
commit 40cfd513e9
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
+38
View File
@@ -0,0 +1,38 @@
commit a76376df7c07e577a9515c3faa5dbd50bda5da07
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Oct 20 18:41:14 2017 +0200
CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
Upstream-Status: Backport
CVE: CVE-2017-15670
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/ChangeLog
===================================================================
--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530
+++ git/ChangeLog 2017-11-16 18:18:24.423642908 +0530
@@ -1,3 +1,9 @@
+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
+
+ [BZ #22320]
+ CVE-2017-15670
+ * posix/glob.c (__glob): Fix one-byte overflow.
+
2017-05-05 Florian Weimer <fweimer@redhat.com>
[BZ #21461]
Index: git/posix/glob.c
===================================================================
--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530
+++ git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530
@@ -856,7 +856,7 @@
*p = '\0';
}
else
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
= '\0';
user_name = newp;
}
meta/recipes-core/glibc/glibc_2.24.bb
+1
View File
@@ -57,6 +57,7 @@ SRC_URI += "\
file://generate-supported.mk \
file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \
file://CVE-2017-8804.patch \
file://CVE-2017-15670.patch \
"
SRC_URI_append_class-nativesdk = "\