Wind River Support Network

HomeDefectsLIN6-13114
Fixed

LIN6-13114 : Security Advisory - glibc - CVE-2017-1000366

Created: Jun 19, 2017    Updated: Dec 3, 2018
Resolved Date: Sep 24, 2017
Found In Version: 6.0.0.33
Fix Version: 6.0.0.35
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Toolchain

Description

This is an issue referred to as 'stack smash'.  See https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt for additional details.

Workaround

glibc preliminary patch: 
(1) configure the project with option --with-template=feature/build_libc
(2) make -C build eglibc-sourcery-compile.patch
(3) cd build/eglibc-sourcery-compile/glibc-2.18-4.8
(4) patch -Np2 < 0001-glibc-Preliminary-fix-to-CVE-2017-1000366.patch

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube