My greeting to all I am new on yocto project and yocto build environment is also new to me ... My working task is removing vulnerabilities from libc library... The processor is based on arm5 while newer yoctos 2.7.x and 3.x. do not provide environment support for arm5 based processors.
The glibc vulnerabilities are fixed in the latest glibc 2.30 released. ( https://sourceware.org/ml/libc-alpha/2019-08/msg00029.html ) package while yocto 2.6.x includes 2.28 package. Also some of glibc vulnerabilities are patched in 2.6.4 (\oecore-thud-20.0.4.tar\oecore-thud-20.0.4\meta\recipes-core\glibc\glibc): CVE-2016-10739 CVE-2018-19591 CVE-2019-6488 CVE-2019-7309 CVE-2019-9169 while there are some others those have not been patched: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3590 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7254 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20796 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9192 Does anyone know whether new vulnerability patches will be applied for yocto 2.6.5 and when will be released yocto 2.6.5 ? Thank you in advance Milun
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#47603): https://lists.yoctoproject.org/g/yocto/message/47603 Mute This Topic: https://lists.yoctoproject.org/mt/67793912/21656 Mute #yocto: https://lists.yoctoproject.org/mk?hashtag=yocto&subid=6691583 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
