Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to glibc 2.34 #162

Closed
HeikoH opened this issue Aug 18, 2021 · 1 comment · Fixed by #164
Closed

Update to glibc 2.34 #162

HeikoH opened this issue Aug 18, 2021 · 1 comment · Fixed by #164

Comments

@HeikoH
Copy link

HeikoH commented Aug 18, 2021

An update 2.34 would be much appreciated, given it addresses some CVEs:

CVE-2021-27645: The nameserver caching daemon (nscd), when processing
a request for netgroup lookup, may crash due to a double-free,
potentially resulting in degraded service or Denial of Service on the
local system. Reported by Chris Schanzle.

CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask.

CVE-2021-35942: The wordexp function may overflow the positional
parameter number when processing the expansion resulting in a crash.
Reported by Philippe Antoine.
@sgerrand
Copy link
Owner

Thanks for the reminder! I'll release v2.34 tomorrow. 👌

@sgerrand sgerrand mentioned this issue Aug 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update glibc to v2.34 sgerrand/alpine-pkg-glibc
2 participants
@sgerrand @HeikoH