#4709: glibc-2.32
--------------------+-----------------------
Reporter: bdubbs | Owner: lfs-book
Type: task | Status: closed
Priority: high | Milestone: 10.0
Component: Book | Version: SVN
Severity: normal | Resolution: fixed
Keywords: |
--------------------+-----------------------
Changes (by renodr):
* priority: normal => high
Comment:
{{{
Security related changes:
CVE-2016-10228: An infinite loop has been fixed in the iconv program when
invoked with the -c option and when processing invalid multi-byte input
sequences. Reported by Jan Engelhardt.

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.

CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
memmove functions has been fixed. Discovered by Jason Royes and Samual
Dytrych of the Cisco Security Assessment and Penetration Team (See
TALOS-2020-1019).
}}}
Only three of the issues affect us: CVE-2020-1752, CVE-2020-10029, and
CVE-2016-10228.
Retroactively promoting to High so I can add errata.
--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4709#comment:2>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.