Summary: | <sys-libs/glibc-2.23-r4: arbitrary code execution through crafted LD_LIBRARY_PATH values (CVE-2017-1000366) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | critical | CC: | alexander, bug, ch4os, luke, moonlapse81, sudormrfhalt, toolchain |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A1 [glsa cve] | | |
Package list: | sys-libs/glibc-2.23-r4 | | |
Runtime testing required: | --- | | |
Bug Depends on: | | | |
Bug Blocks: | 608698, 608706 | | |

Description
GLSAMaker/CVETool Bot
2017-06-19 15:13:32 UTC
commit 452762af067805761989321f36838ee45168298c (HEAD -> master, origin/master, origin/HEAD)
Author: Matthias Maier <tamiko@gentoo.org>
Date: Wed Jun 14 18:34:42 2017 -0500

sys-libs/glibc: bump 2.25 to patchset 5

Package-Manager: Portage-2.3.6, Repoman-2.3.2

commit 20b7b97d561539d1197f068521879951de2379ce
Author: Matthias Maier <tamiko@gentoo.org>
Date: Wed Jun 14 18:33:33 2017 -0500

sys-libs/glibc: bump 2.24 to patchset 8

Package-Manager: Portage-2.3.6, Repoman-2.3.2

commit 641b52c3d15af21c1f329c4d9fa76dbb059ab070
Author: Matthias Maier <tamiko@gentoo.org>
Date: Thu Jun 8 12:15:53 2017 -0500

sys-libs/glibc: mark 2.23 stable for amd64 and x86

Package-Manager: Portage-2.3.6, Repoman-2.3.2

commit c46d0e63310fe68ed4bf6a3b0c3fbcc5d4d9918b
Author: Matthias Maier <tamiko@gentoo.org>
Date: Thu Jun 8 12:14:52 2017 -0500

sys-libs/glibc: bump 2.23 to patchset 8

Package-Manager: Portage-2.3.6, Repoman-2.3.2

@ Arches, please test and mark stable:

=sys-libs/glibc-2.23-r4

This issue was resolved and addressed in GLSA 201706-19 at https://security.gentoo.org/glsa/201706-19 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

ia64 stable

ppc stable

ppc64 stable

arm stable

Stable on alpha.

sparc stable

Remaining arches: m68k, arm64

I will proceed with masking vulnerable glibc versions, glibc-2.23-r4 is marked stable on all stable arches.

arm64 done

old glibc versions are masked and m68k is not a security supported arch.