bug#27429: Stack clash (CVE-2017-1000366 etc)

From: Leo Famulari
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Fri, 23 Jun 2017 13:20:38 -0400
On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (address@hidden, address@hidden, address@hidden, address@hidden)[source]: Add 
> patches.
> [replacement]: New field.
> (glibc-locales)[replacement]: New field.
> * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
> * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
> gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
> gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

I've applied this patch to my Guix-on-foreign-distro workstation.
Everything seems to be working so far.

I noticed that grafted packages do not seem to refer directly to the
replacement glibc. For example:

$ ./pre-inst-env guix build -e '(@@ (gnu packages base) glibc-2.25-patched)'
$ guix gc --references /gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25
$ guix gc --references $(./pre-inst-env guix build libressl)

However, I haven't had time to dig in and wrap my head around the glibc

By the way, Qualys will probably begin publishing their exploits on
Tuesday [0]:

"We have discussed this internally, and we will first publish the Stack
Clash exploits and proofs-of-concepts that we sent to the distros@ and
linux-distros@ lists, plus our Linux ld.so exploit for amd64, and our
Solaris rsh exploit.

We will do so next Tuesday, but we will publish our Linux exploits and
proofs-of-concept if and only if Fedora updates are ready by then, our
NetBSD proof-of-concept if and only if NetBSD patches are ready by then,
and our FreeBSD proofs-of-concept if and only if FreeBSD patches are
ready by then."

[0] <http://seclists.org/oss-sec/2017/q2/548>

