Opened 6 years ago

Closed 6 years ago

#10323 closed enhancement (fixed)


Reported by: ken@… Owned by: ken@…
Priority: high Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:


Fixes CVE-2018-5124, Arbitrary code execution through unsanitized browser UI

According to The Register, potential remote code execution after opening a malicious document or link.

Change History (4)

comment:1 by ken@…, 6 years ago

Owner: changed from blfs-book@… to ken@…
Status: newassigned

comment:2 by ken@…, 6 years ago

It built on my fast machine with 8 cores, but when I used a slower 4-core machine to check if the build was slower than before, it failed to compile the style cargo.

Retrying with --verbose it still fails, but reports a segmentation fault, invalid memory reference. That is with gcc-7.3 (which managed to build 58.0.

Possibly similar to - what a heap of fetid dingo's kidneys

comment:3 by ken@…, 6 years ago

I tried ac_add_options --disable-optimize but no backtrace.

I don't have any other recent desktops with a 7.3 version of g++. Retrying on the same machine with a build from December.

comment:4 by ken@…, 6 years ago

Resolution: fixed
Status: assignedclosed

swears - the build finished, but then it exited before installing. That is the sort of problem I had with rustc-1.23.0, but this is 1.22.1.

I should note that the machine with the segfault has had problems in the past - I suspect it lacks sufficient voltage for the RAM, with no option to change that - but it has been reliable since I started dropping the caches in an initscript. Maybe it will work on gcc-7.3.0 if I reduce the number of available CPUs with taskset : I'm trying that, it has now got past the compile of style, so possibly a local problem.


Note: See TracTickets for help on using tickets.