[ubuntu/yakkety-updates] glibc 2.24-3ubuntu2.2 (Accepted)

Ubuntu Archive Robot Mon, 19 Jun 2017 09:59:12 -0700

glibc (2.24-3ubuntu2.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
    - debian/patches/any/CVE-2017-1000366.patch: Completely ignore
      LD_LIBRARY_PATH for AT_SECURE=1 programs
    - CVE-2017-1000366
  * SECURITY UPDATE: LD_PRELOAD stack corruption
    - 
debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
      Reject overly long names or names containing directories in
      LD_PRELOAD for AT_SECURE=1 programs.
    - debian/patches/any/cve-i686-Add-missing-IS_IN-libc-guards.patch:
      prerequisite patch
  * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
    additional consistency check for 1-byte overflows
  * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
    LD_HWCAP_MASK for AT_SECURE=1 programs


Date: 2017-06-16 19:20:15.874982+00:00
Changed-By: Steve Beattie <sbeat...@ubuntu.com>
Signed-By: Ubuntu Archive Robot 
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/glibc/2.24-3ubuntu2.2

Sorry, changesfile not available.

-- 
Yakkety-changes mailing list
Yakkety-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/yakkety-changes

[ubuntu/yakkety-updates] glibc 2.24-3ubuntu2.2 (Accepted)

Reply via email to