stable

FEDORA-2015-7174c4d68d created by fweimer 6 years ago for Fedora 23

This update re-adds large file support to the openat function, removes support for the LD_POINTER_GUARD environment variable (which could be used to weaken security protections in AT_SECURE/SUID binaries), and adds function pointer obfuscation to the TLS destructor list.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2015-7174c4d68d

This update has been submitted for testing by fweimer.

6 years ago
User Icon praiskup commented & provided feedback 6 years ago

Testing GNU tar build: ... 132: extracting sparse file over a pipe ok 133: storing sparse files > 8G ok 134: storing long sparse file names ok ... Looks fine, thanks for quick fix!

BZ#1288662 openat() && write() broken on i386 with _FILE_OFFSET_BITS 64
User Icon praiskup provided feedback 6 years ago
karma
User Icon fweimer commented & provided feedback 6 years ago

Basic postgresql-server and mariadb-server usage still works. Login via OpenSSH works as well. Disassembly of libc.so.6 shows the presence of the tls_dtor_list change. Test case from #1288662 now passes.

BZ#1276761 CVE-2015-8777 glibc: apply additional pointer guard hardening
BZ#1288662 openat() && write() broken on i386 with _FILE_OFFSET_BITS 64
User Icon hreindl commented & provided feedback 6 years ago
karma

works for me on several production VMs and my homeserver running all sort of services using openssl

User Icon dhgutteridge commented & provided feedback 6 years ago
karma

No regressions noted.

This update has been pushed to testing.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1276761 CVE-2015-8777 glibc: apply additional pointer guard hardening
0
1
BZ#1288662 openat() && write() broken on i386 with _FILE_OFFSET_BITS 64
0
1

Automated Test Results