Wind River Support Network

HomeDefectsLIN8-3357
Fixed

LIN8-3357 : Security Advisory - glibc - CVE-2015-8778

Created: Apr 25, 2016    Updated: Dec 3, 2018
Resolved Date: May 22, 2016
Found In Version: 8.0
Fix Version: 8.0.0.6
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Toolchain

Description

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8778

Workaround

Apply the attached patch to layers/oe-core

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube