diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2017-12-08 09:12:56 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-12-27 12:44:33 +0100 |
| commit | b568bf4541546431493fbe5a133b23ebca695040 (patch) | |
| tree | af8be2b2a373dd4f0d147dfe036c147512e08a60 /package/wireshark/wireshark.hash | |
| parent | d7886713ad93cd61eae3466c7f454ee5d20e7c07 (diff) | |
| download | buildroot-b568bf4541546431493fbe5a133b23ebca695040.tar.gz buildroot-b568bf4541546431493fbe5a133b23ebca695040.zip | |
glibc: security bump to the latest 2.26 branch
List of fixes from the 2.26 branch NEWS files:
CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
suffered from a one-byte overflow during ~ operator processing (either
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
of service.
CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.
Cc: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 971ed9653e7434d5c02488405d6572483ee201e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/wireshark/wireshark.hash')
0 files changed, 0 insertions, 0 deletions
