This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 22 Nov 2019 13:00:57 +0000
- Subject: [Bug dynamic-link/25204] LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
- Auto-submitted: auto-generated
- References: <bug-25204-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
--- Comment #11 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.27/master branch has been updated by Florian Weimer
<fw@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4d5cfeb510125345cb41431afc9022492994cffa
commit 4d5cfeb510125345cb41431afc9022492994cffa
Author: Marcin Kościelnicki <mwk@0x04.net>
Date: Thu Nov 21 00:20:15 2019 +0100
rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC
(CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
--
You are receiving this mail because:
You are on the CC list for the bug.