Wind River Support Network

HomeDefectsLIN5-23188
Fixed

LIN5-23188 : Security Advisory - glibc - CVE-2017-1000366

Created: Jun 19, 2017    Updated: May 29, 2018
Resolved Date: Aug 16, 2017
Found In Version: 5.0.1.40
Fix Version: 5.0.1.41
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Toolchain

Description

This is an issue referred to as 'stack smash'.  See https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt for additional details.

Workaround

glibc preliminary patch:
(1) configure the project with option --enable-build-libc
(2) make -C build wrl-glibc-rebuild.patch
(3) cd build/wrl-glibc-rebuild-2.15-4.6a-153-r2/glibc-2.15-4.6a-153 #OR the version you are using#
(4) patch -Np1 < 0001-glibc-Preliminary-fix-to-CVE-2017-1000366.patch

Other Downloads


Live chat
Online