Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#4709 closed task (fixed)

glibc-2.32

Reported by: Bruce Dubbs Owned by: lfs-book
Priority: high Milestone: 10.0
Component: Book Version: SVN
Severity: normal Keywords:
Cc:

Description

Change History (2)

comment:1 by Bruce Dubbs, 12 months ago

Resolution: fixed
Status: newclosed

fixed at revision 12011.

comment:2 by Douglas R. Reno, 12 months ago

Priority: normalhigh
Security related changes:

  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
  invoked with the -c option and when processing invalid multi-byte input
  sequences.  Reported by Jan Engelhardt.

  CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
  corruption when they were passed a pseudo-zero argument.  Reported by Guido
  Vranken / ForAllSecure Mayhem.

  CVE-2020-1752: A use-after-free vulnerability in the glob function when
  expanding ~user has been fixed.

  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
  memmove functions has been fixed.  Discovered by Jason Royes and Samual
  Dytrych of the Cisco Security Assessment and Penetration Team (See
  TALOS-2020-1019).

Only three of the issues affect us: CVE-2020-1752, CVE-2020-10029, and CVE-2016-10228.

Retroactively promoting to High so I can add errata

Note: See TracTickets for help on using tickets.