musl: add upstream security fix for CVE-2017-15650 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-10-21 21:12:59 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2017-10-21 23:00:45 +0200
commit	209f42fd3a5f4357e22fb72f1597a6868566aabd (patch)
tree	bd9ab553572edbbee9200719e0110e6b6caa17de /package/glibc/0005-Provide-a-C-version-of-iszero-that-does-not-use-__MA.patch
parent	5f50fb8d1df51b622537da015f8c3b7b6dcbbc35 (diff)
download	buildroot-209f42fd3a5f4357e22fb72f1597a6868566aabd.tar.gz buildroot-209f42fd3a5f4357e22fb72f1597a6868566aabd.zip

musl: add upstream security fix for CVE-2017-15650

>From the upstream announcement: http://www.openwall.com/lists/oss-security/2017/10/19/5 Felix Wilhelm has discovered a flaw in the dns response parsing for musl libc 1.1.16 that leads to overflow of a stack-based buffer. Earlier versions are also affected. When an application makes a request via getaddrinfo for both IPv4 and IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the nameservers configured in resolv.conf can reply to both the A and AAAA queries with A results. Since A records are smaller than AAAA records, it's possible to fit more addresses than the precomputed bound, and a buffer overflow occurs. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/glibc/0005-Provide-a-C-version-of-iszero-that-does-not-use-__MA.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: