Re: glibc 2.18-5 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 27/09/13 01:15, LANGLOIS Olivier PIS -EXT wrote:
> Hi,
> 
> I just checked what was the motivation for this 5th release and I have found:
> 
> http://hmarco.org/bugs/CVE-2013-4788.html
> 
> where it says:
> 
> The vulnerability is caused due to the non initialization to a random value (it is always zero) of the "pointer guard" by the glibc only when generating static compiled executables. Dynamic executables are not affected. Pointer guard is used to mangle the content of sensible pointers (longjmp, signal handlers, etc.), if the pointer guard value is zero (non-initialized) then it is not effective.
> 
> So, out of curiosity, how big is the threat since I am under the impression that almost 100% if not 100% of Arch binaries uses libc.so
>

In short, I am not overly concerned about this.  But fixing the issue
was the right thing to do, so it will not spread any further.

Allan



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux