Fixing vulnerabilities in glibc #yocto


Milun Jovanovic
 

My greeting to all
I am new on yocto project and yocto build environment is also new to me ...
My working task is removing  vulnerabilities from libc library...
The processor is based on arm5 while newer yoctos 2.7.x and 3.x. do not provide environment support for arm5 based processors.

The glibc vulnerabilities are fixed in the latest glibc 2.30 released. package while yocto 2.6.x  includes 2.28 package.
Also some of glibc vulnerabilities are patched in 2.6.4 (\oecore-thud-20.0.4.tar\oecore-thud-20.0.4\meta\recipes-core\glibc\glibc):

CVE-2016-10739
CVE-2018-19591
CVE-2019-6488
CVE-2019-7309
CVE-2019-9169
while there are some others those have not been patched:

Join yocto@lists.yoctoproject.org to automatically receive all group messages.