727291 – Request to recompile libraries with -Wl,-z,relro flags

Bug 727291 - Request to recompile libraries with -Wl,-z,relro flags

Summary: Request to recompile libraries with -Wl,-z,relro flags

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libgpg-error
Sub Component:
Version:	6.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Nalin Dahyabhai
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHEL62CCC 727296 846801 846802
TreeView+	depends on / blocked

Reported:	2011-08-01 18:17 UTC by Irina Boverman
Modified:	2012-08-08 18:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:	libgpg-error-1.7-4.el6
Doc Type:	Bug Fix
Doc Text:	Previously, the libgpg-error package was compiled without the RELRO (read-only relocations) flag. Programs provided by this package were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of the libgpg-error library, the libgpg-error spec file has been modified to use the "-Wl,-z,relro" flags when compiling the package. As a result, the libgpg-error package is now provided with partial RELRO protection.
Clone Of:
Environment:
Last Closed:	2011-12-06 17:59:38 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1717	0	normal	SHIPPED_LIVE	libgpg-error enhancement update	2011-12-06 01:02:15 UTC

Comment 5 Miroslav Svoboda 2011-10-31 11:49:21 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, the libgpg-error package was compiled without the RELRO (read-only relocations) flag. Programs provided by this package were thus vulnerable to various attacks based on overwriting the ELF section of a program. To increase the security of the libgpg-error library, the libgpg-error spec file has been modified to use the "-Wl,-z,relro" flags when compiling the package. As a result, the libgpg-error package is now provided with partial RELRO protection.

Comment 6 errata-xmlrpc 2011-12-06 17:59:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1717.html

Note You need to log in before you can comment on or make changes to this bug.