diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | elf/rtld.c | 3 |
3 files changed, 10 insertions, 1 deletions
@@ -1,3 +1,10 @@ +2017-06-19 Florian Weimer <fweimer@redhat.com> + + [BZ #21624] + CVE-2017-1000366 + * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for + __libc_enable_secure. + 2017-05-12 Florian Weimer <fweimer@redhat.com> [BZ #21386] @@ -15,6 +15,7 @@ The following bugs are resolved with this release: [21115] sunrpc: Use-after-free in error path in clntudp_call [21289] Fix symbol redirect for fts_set [21386] Assertion in fork for distinct parent PID is incorrect + [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366) Version 2.25 diff --git a/elf/rtld.c b/elf/rtld.c index a036ece956..2fc33a6178 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2418,7 +2418,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break; |