Bug 1398413 - glibc: backport libio vtable hardening
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: glibc
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: DJ Delorie
Sergey Kolosov
: Patch
: 1372306
Depends On:
Blocks: 1372375 1473718
Reported: 2016-11-24 13:24 EST by Florian Weimer
Modified: 2018-05-28 05:10 EDT

See Also:
Fixed In Version: glibc-2.17-204.el7
Doc Type: Enhancement
Doc Text:
All FILE*-based operations are now hardened against attacks that attempt to manipulate function control flow by writing to the underlying FILE* memory. If a manipulation of the FILE* memory is detected, the process is terminated.
Last Closed: 2018-04-10 09:58:28 EDT
Type: Bug


External Trackers
Tracker ID Priority Status Summary Last Updated
Sourceware 20191 None None None 2016-11-24 13:24 EST
Red Hat Product Errata RHSA-2018:0805 None None None 2018-04-10 10:00 EDT

Description Florian Weimer 2016-11-24 13:24:28 EST
The upstream commit is:

commit db3476aff19b75c4fdefbe65fcd5f0a90588ba51
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Jun 23 20:01:40 2016 +0200

    libio: Implement vtable verification [BZ #20191]

This was released with Fedora 25, which should give us sufficient testing coverage in the real world.
Comment 8 Florian Weimer 2018-04-03 08:02:57 EDT
*** Bug 1372306 has been marked as a duplicate of this bug. ***
Comment 10 errata-xmlrpc 2018-04-10 09:58:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0805
