On 27/09/13 01:15, LANGLOIS Olivier PIS -EXT wrote:
> Hi,
> 
> I just checked what was the motivation for this 5th release and I have found:
> 
> http://hmarco.org/bugs/CVE-2013-4788.html
> 
> where it says:
> 
> The vulnerability is caused due to the non initialization to a random value 
> (it is always zero) of the "pointer guard" by the glibc only when generating 
> static compiled executables. Dynamic executables are not affected. Pointer 
> guard is used to mangle the content of sensible pointers (longjmp, signal 
> handlers, etc.), if the pointer guard value is zero (non-initialized) then it 
> is not effective.
> 
> So, out of curiosity, how big is the threat, since I am under the impression 
> that almost 100% if not 100% of Arch binaries use libc.so?
>

In short, I am not overly concerned about this.  But fixing the issue
was the right thing to do, so it will not spread any further.

Allan
