[OE-core] [oe] [RFT] Glibc 2.23 and binutils 2.26
akuster808
akuster808 at gmail.com
Fri Jan 22 01:28:54 UTC 2016
On 01/17/2016 03:54 AM, Khem Raj wrote:
> Hi all
>
> upstream glibc and binutils release branches have been cut out and are being made ready for next release
> I have put together update patchset for both of them
>
> here are the branches
>
> https://github.com/kraj/openembedded-core/tree/kraj/binutils-2.26
> https://github.com/kraj/openembedded-core/tree/kraj/glibc-2.23
Several Security fixes will be included in glibc-2.23 update.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=8980
CVE-2015-8776 - Passing out of range data to strftime() causes a segfault
https://sourceware.org/bugzilla/show_bug.cgi?id=18985
CVE-2015-8777 - LD_POINTER_GUARD is not ignored for privileged binaries
https://sourceware.org/bugzilla/show_bug.cgi?id=18928
CVE-2015-8778 - hcreate((size_t)-1) should fail with ENOMEM
https://sourceware.org/bugzilla/show_bug.cgi?id=18240
CVE-2014-9761 - nan function unbounded stack allocation
https://sourceware.org/bugzilla/show_bug.cgi?id=16962
CVE-2015-8779 - catopen() Multiple unbounded stack allocations
https://sourceware.org/bugzilla/show_bug.cgi?id=17905
>
> FYI These are still using autorev to ensure that we test tip of release branches
>
> Please give them a shot in your environments and report any issues you encounter.
BTW, Mips64 Octeon3 works fine. Aarch64 qemu boot tested.
- Armin
>
> Thanks for help
>
> -Khem
>
>
>
>
>
More information about the Openembedded-core
mailing list