[Buildroot] [PATCH-2023.02.x] package/{glibc, localedef}: security bump to version glibc-2.36-118-g22955ad85186ee05834e47e665056148ca07699c
Peter Korsgaard
peter at korsgaard.com
Sun Oct 8 15:59:42 UTC 2023
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
> environment of a setuid program and NAME is valid, it may result in a
> buffer overflow, which could be exploited to achieve escalated
> privileges. This flaw was introduced in glibc 2.34.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2023.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list