[yocto] Does CVE-2015-7547 affect eglibc?
Darcy Watkins
dwatkins at sierrawireless.com
Tue Feb 23 14:52:49 PST 2016
On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote:
> On 2/23/16 1:53 PM, Khem Raj wrote:
> > On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins
> >> CVE-2015-7547 glibc vulnerability has been published as affecting glibc
> >> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21).
> >>
> >> Anyone know if we need the same security fixes in eglibc?
> >
> > yes you do. Eglibc was nothing but glibc+few fixes.
>
> Yes this affects all eglibc version 2.9 and newer up to glibc 2.23.
>
> As far as I'm aware, this affects all Yocto Project versions up to 2.0.
I will be interested in knowing which Yocto Project versions will
receive the fixes. How far back do we go in matters like this?
Thanks in advance!
> (The patch referenced by the security announcement applies to all of the
> versions of glibc I've needed to apply it to for my customers. A few per-line
> tweaks might be necessary, but it was fairly easy.)
--
Regards,
Darcy
---
Darcy Watkins
Staff Engineer, Firmware
Sierra Wireless
13811 Wireless Way, Richmond, BC
Canada, V6V 3A4
[P1]
More information about the yocto
mailing list