[yocto] Does CVE-2015-7547 affect eglibc?
akuster808
akuster808 at gmail.com
Tue Feb 23 16:14:32 PST 2016
On 02/23/2016 02:52 PM, Darcy Watkins wrote:
> On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote:
>> On 2/23/16 1:53 PM, Khem Raj wrote:
>>> On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins
>>>> CVE-2015-7547 glibc vulnerability has been published as affecting glibc
>>>> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21).
>>>>
>>>> Anyone know if we need the same security fixes in eglibc?
>>>
>>> yes you do. Eglibc was nothing but glibc+few fixes.
>>
>> Yes this affects all eglibc version 2.9 and newer up to glibc 2.23.
>>
>> As far as I'm aware, this affects all Yocto Project versions up to 2.0.
>
> I will be interested in knowing which Yocto Project versions will
> receive the fixes.
Master, 2.0 and 1.8 all have the fixes.
How far back do we go in matters like this?
1.7 (dizzy) I plan on doing soon. beyond that I do not know. those are
all community supported.
- armin
>
> Thanks in advance!
>
>> (The patch referenced by the security announcement applies to all of the
>> versions of glibc I've needed to apply it to for my customers. A few per-line
>> tweaks might be necessary, but it was fairly easy.)
>
>
More information about the yocto
mailing list