Wind River Support Network

HomeDefectsLIN6-11114
Fixed

LIN6-11114 : Security Advisory - glibc - CVE-2015-8778

Created: Apr 25, 2016    Updated: Dec 3, 2018
Resolved Date: Jun 6, 2017
Found In Version: 6.0.0.29
Fix Version: 6.0.0.34
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Toolchain

Description

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8778

Workaround

configure --with-tempalte=feature/build_libc

make -C build eglibc-sourcery-compile.patch

cd /glibc-src-of-eglibc-sourcery-compile/

patch -p2 < /path-to-attached-patch 

Other Downloads


Live chat
Online