This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/15754] CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
- From: "carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 23 Sep 2013 04:55:35 +0000
- Subject: [Bug libc/15754] CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
- Auto-submitted: auto-generated
- References: <bug-15754-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=15754
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Carlos O'Donell <carlos at redhat dot com> ---
commit c61b4d41c9647a54a329aa021341c0eb032b793e
Author: Carlos O'Donell <carlos@redhat.com>
Date: Mon Sep 23 00:52:09 2013 -0400
BZ #15754: CVE-2013-4788
The pointer guard used for pointer mangling was not initialized for
static applications resulting in the security feature being disabled.
The pointer guard is now correctly initialized to a random value for
static applications. Existing static applications need to be
recompiled to take advantage of the fix.
The test tst-ptrguard1-static and tst-ptrguard1 add regression
coverage to ensure the pointer guards are sufficiently random
and initialized to a default value.
--
You are receiving this mail because:
You are on the CC list for the bug.