[yocto] Does CVE-2015-7547 affect eglibc?
Mark Hatle
mark.hatle at windriver.com
Tue Feb 23 13:51:29 PST 2016
On 2/23/16 1:53 PM, Khem Raj wrote:
> On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins
> <dwatkins at sierrawireless.com> wrote:
>> Hi,
>>
>> CVE-2015-7547 glibc vulnerability has been published as affecting glibc
>> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21).
>>
>> Anyone know if we need the same security fixes in eglibc?
>
> yes you do. Eglibc was nothing but glibc+few fixes.
Yes this affects all eglibc version 2.9 and newer up to glibc 2.23.
As far as I'm aware, this affects all Yocto Project versions up to 2.0.
(The patch referenced by the security announcement applies to all of the
versions of glibc I've needed to apply it to for my customers. A few per-line
tweaks might be necessary, but it was fairly easy.)
--Mark
>>
>> --
>>
>> Regards,
>>
>> Darcy
>>
>> ---
>>
>> Darcy Watkins
>> Staff Engineer, Firmware
>> Sierra Wireless
>> 13811 Wireless Way, Richmond, BC
>> Canada, V6V 3A4
>> [P1]
>>
>> --
>> _______________________________________________
>> yocto mailing list
>> yocto at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/yocto
More information about the yocto
mailing list