Bug 727291 - Request to recompile libraries with -Wl,-z,relro flags
Summary: Request to recompile libraries with -Wl,-z,relro flags
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libgpg-error   
(Show other bugs)
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 727296 RHEL62CCC 846801 846802
TreeView+ depends on / blocked
 
Reported: 2011-08-01 18:17 UTC by Irina Boverman
Modified: 2012-08-08 18:29 UTC (History)
4 users (show)

Fixed In Version: libgpg-error-1.7-4.el6
Doc Type: Bug Fix
Doc Text:
Previously, the libgpg-error package was compiled without the RELRO (read-only relocations) flag. Programs provided by this package were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of the libgpg-error library, the libgpg-error spec file has been modified to use the "-Wl,-z,relro" flags when compiling the package. As a result, the libgpg-error package is now provided with partial RELRO protection.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-06 17:59:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1717 normal SHIPPED_LIVE libgpg-error enhancement update 2011-12-06 01:02:15 UTC

Comment 5 Miroslav Svoboda 2011-10-31 11:49:21 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, the libgpg-error package was compiled without the RELRO (read-only relocations) flag. Programs provided by this package were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of the libgpg-error library, the libgpg-error spec file has been modified to use the "-Wl,-z,relro" flags when compiling the package. As a result, the libgpg-error package is now provided with partial RELRO protection.

Comment 6 errata-xmlrpc 2011-12-06 17:59:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1717.html


Note You need to log in before you can comment on or make changes to this bug.