On 05/07/2015 06:19 PM, Haris Okanovic wrote:
Backport Arjun Shankar's patch for CVE-2015-1781:
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application.
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Signed-off-by: Haris Okanovic <[email protected]>
Signed-off-by: Ken Sharp <[email protected]>
Reviewed-by: Rich Tollerton <[email protected]>
---
Note that this patch is to apply to the Dizzy branch of
openembedded-core (glibc 2.20). It might cleanly apply to other branches
also using glibc 2.20, but I've only tested with Dizzy.
CVE-2015-1781 is fixed in glibc 2.22 and later.
Thanks,
Haris
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
