diff options
author | Marcin KoĆcielnicki <mwk@0x04.net> | 2019-11-21 00:20:15 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2019-11-21 12:56:44 +0100 |
commit | d5dfad4326fc683c813df1e37bbf5cf920591c8e (patch) | |
tree | caf191d9e8e3dc6f42b0b5e2a04370ecc2858198 /NEWS | |
parent | 2a764c6ee848dfe92cb2921ed3b14085f15d9e79 (diff) | |
download | glibc-d5dfad4326fc683c813df1e37bbf5cf920591c8e.tar.gz |
rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -86,7 +86,11 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC + environment variable during program execution after a security + transition, allowing local attackers to restrict the possible mapping + addresses for loaded libraries and thus bypass ASLR for a setuid + program. Reported by Marcin KoĆcielnicki. The following bugs are resolved with this release: |