-
-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
glibc: cherry-pick fix for CVE-2023-4911 "Looney Tunables" #258856
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Patch matches the relevant part of https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa "tunables: Terminate if end of input is reached (CVE-2023-4911)"
Thanks!
Until this gets merged I am running an overlay like this on my machine:
this should be equivalent or am I missing something? |
What you wrote will build glibc twice... first it will build an unpatched For personal use, probably not a big deal. Avoiding build-everything-twice is why I had to put a copy of the patch in the PR. You might be able to avoid this by using PS, you can drop the |
I see, so
This error message should probably get improved in the lines of "you are using the minimalistic version of That's why I ended up with:
which is quite ugly.
Oh didn't know that. So if they upgrade cgit build might break because hash will be different. But doesn't
Ah yeah, thx. |
Description of changes
There is a working exploit.
Upstream fix commit
Things done
See also