Look into and deal with CVE-2017-1000364 & CVE-2017-1000366

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 & http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366

- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- gentoo writeup is a good read: https://forums.gentoo.org/viewtopic-p-8082022.html?sid=b63f7015de4f20f0b80f3b96ba8e77c7 and https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash
- and the gcc thread - http://openwall.com/lists/oss-security/2017/06/19/9

for buildroot - https://git.busybox.net/buildroot/commit/?id=d29c7196bf5e610123dcc697197d4013d5869f68

- [x] kernel patch for guard page size (using 3.9.33 plus patches from deb9u2) for v1.0.3-pre1
- [x] add `BR2_SSP_ALL=y` and `BR2_TOOLCHAIN_BUILDROOT_GLIBC=y` to amd64
- [x] add `BR2_SSP_ALL=y` and `BR2_TOOLCHAIN_BUILDROOT_GLIBC=y` to arm
- [x] add `BR2_SSP_ALL=y` and `BR2_TOOLCHAIN_BUILDROOT_GLIBC=y` to arm64
- [ ] watch for SSP fix for gcc
- [ ] see if adding SSP slows things down noticably

The 1.0.3 release is also going to update the os-base tools to on all 3 arch's to Buildroot to [v2017.02.3-1](https://github.com/rancher/os-base/releases/tag/v2017.02.3-1)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Look into and deal with CVE-2017-1000364 & CVE-2017-1000366 #1932

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Look into and deal with CVE-2017-1000364 & CVE-2017-1000366 #1932

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions