diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | elf/rtld.c | 3 |
3 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index 1795e284ef..e37f14f02a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2017-06-19 Florian Weimer <fweimer@redhat.com> + + [BZ #21624] + CVE-2017-1000366 + * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for + __libc_enable_secure. + 2017-02-01 Andreas Schwab <schwab@linux-m68k.org> * sysdeps/m68k/m680x0/m68020/atomic-machine.h diff --git a/NEWS b/NEWS index 82a718ff64..d42af91972 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,7 @@ The following bugs are resolved with this release: [21289] Fix symbol redirect for fts_set [21386] Assertion in fork for distinct parent PID is incorrect + [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366) Version 2.24 diff --git a/elf/rtld.c b/elf/rtld.c index 647661ca45..215a9aec8f 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep) case 12: /* The library search path. */ - if (memcmp (envline, "LIBRARY_PATH", 12) == 0) + if (!__libc_enable_secure + && memcmp (envline, "LIBRARY_PATH", 12) == 0) { library_path = &envline[13]; break; |