A new update for the Advance Toolchain for PowerLinux 7.1 is available, featuring several fixes for bugs and security issues in glibc and OpenSSL.
Advance Toolchain for PowerLinux 7.1-5 new features
- The GNU C Library provides:
- Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow.
- Fix CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r.
- Fix CVE-2015-8779: catopen() Multiple unbounded stack allocations.
- Fix CVE-2015-8776: Passing out of range data to strftime() causes a segfault.
- Fix for assertion failure in res_query.c with un-connectable name server addresses.
- Fix memory handling in strxfrm_l.
- Harden tls_dtor_list with pointer mangling.
- Always enable pointer guard.
- OpenSSL provides fixes for CVE-2016-0701, CVE-2015-3197 and more 6 security advisories.
Complete list and details of bug/performance fixes is available at the official IBM website for the Advance Toolchain.
For more information about Power architecture and the OpenPOWER ecosystem, please visit the official OpenPOWER Foundation website. You can also follow our PowerLinux Community blog.
* The IBM logo is property of IBM Corporation. Courtesy of International Business Machines Corporation. Unauthorized use not permitted.