mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-29 23:02:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
278d77034e08df0d49860705aa72d91e4af73d61
poky/meta
History
Mike Crowe 278d77034e glibc: Fix CVE-2023-4911 "Looney Tunables" 
Take the patch from the source for Debian's glibc 2.31-13+deb11u7
package, the changelog for which starts with:

 glibc (2.31-13+deb11u7) bullseye-security; urgency=medium

   * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
     dynamic loader's processing of the GLIBC_TUNABLES environment variable
     (CVE-2023-4911).

This addresses the "Looney Tunables" vulnerability described at
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

(From OE-Core rev: 9a800a2e2c2b14eab8c1f83cb4ac3b94a70dd23c)

Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-10-06 05:41:57 -10:00
..
classes
kernel: Fix path comparison in kernel staging dir symlinking
2023-09-15 03:47:11 -10:00
conf
yocto-uninative: Update to 4.3
2023-09-15 03:47:11 -10:00
files
classes/create-spdx: Backport
2023-04-01 20:23:23 +01:00
lib
oeqa/runtime/ltp: Increase ltp test output timeout
2023-09-15 03:47:11 -10:00
recipes-bsp
grub2.inc: remove '-O2' from CFLAGS
2023-08-27 10:54:46 -10:00
recipes-connectivity
openssh: Securiry fix for CVE-2023-38408
2023-09-15 03:47:11 -10:00
recipes-core
glibc: Fix CVE-2023-4911 "Looney Tunables"
2023-10-06 05:41:57 -10:00
recipes-devtools
nasm: update 2.15.03 -> 2.15.05
2023-10-04 05:17:51 -10:00
recipes-extended
ghostscript: fix CVE-2023-36664
2023-10-04 05:17:51 -10:00
recipes-gnome
gdk-pixbuf: CVE-2021-46829 a heap-based buffer overflow
2022-08-18 17:52:23 +01:00
recipes-graphics
libxpm: fix CVE-2022-46285
2023-10-04 05:17:50 -10:00
recipes-kernel
linux-yocto/5.4: update to v5.4.257
2023-10-04 05:17:51 -10:00
recipes-multimedia
libwebp: Fix CVE-2023-5129
2023-10-04 05:17:50 -10:00
recipes-rt
rt-tests: set branch name in SRC_URI
2021-09-10 16:21:36 +01:00
recipes-sato
puzzles: Upstream changed to main branch for development
2022-03-02 00:21:36 +00:00
recipes-support
vim: Upgrade 9.0.1664 -> 9.0.1894
2023-09-29 04:29:01 -10:00
site
site: Make sys_siglist default to no
2020-10-06 14:15:21 +01:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00