ref:
- https://github.com/bminor/glibc/commits/release/2.38/master
- https://github.com/bminor/glibc/blob/release/2.38/master/NEWS

Security related changes:

CVE-2023-4527: If the system is configured in no-aaaa mode via /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address family, and a DNS response is received over TCP that is larger than 2048 bytes, getaddrinfo may potentially disclose stack contents via the returned address data, or crash.

CVE-2023-4806: When an NSS plugin only implements the _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use memory that was freed during buffer resizing, potentially causing a crash or read or write to arbitrary memory.

CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, AI_ALL and AI_V4MAPPED flags set.

CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the environment of a setuid program and NAME is valid, it may result in a buffer overflow, which could be exploited to achieve escalated privileges. This flaw was introduced in glibc 2.34.

The following bugs are resolved with this release:

[30723] posix_memalign repeatedly scans long bin lists
[30789] sem_open will fail on multithreaded scenarios when semaphore file doesn't exist (O_CREAT)
[30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -D_FILE_OFFSET_BITS=64
[30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
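
Added example, not part of the commit or of glibc: a triage check for two of the trigger conditions named above, the NAME=NAME=VAL tunable shape (CVE-2023-4911) and no-aaaa mode in resolv.conf (CVE-2023-4527). The function names and sample inputs are constructed for illustration; GLIBC_TUNABLES is the environment variable glibc reads tunables from, and the check assumes no legitimate tunable value contains '='.

```python
# Added example; sample inputs are constructed, not taken from a real host.

def parse_environ(blob: bytes) -> dict:
    """Parse a NUL-separated block laid out like /proc/<pid>/environ."""
    env = {}
    for item in blob.split(b"\0"):
        key, sep, val = item.partition(b"=")
        if key and sep:
            # First occurrence wins, matching getenv() lookup order.
            env.setdefault(key.decode("utf-8", "replace"),
                           val.decode("utf-8", "replace"))
    return env


def suspicious_tunables(value: str) -> list:
    """Return GLIBC_TUNABLES entries whose value part contains '='.

    Entries are colon-separated name=value pairs, so a second '=' gives the
    NAME=NAME=VAL shape. Assumption: no legitimate tunable value has '='.
    """
    flagged = []
    for entry in value.split(":"):
        _name, sep, val = entry.partition("=")
        if sep and "=" in val:
            flagged.append(entry)
    return flagged


def no_aaaa_enabled(resolv_conf: str) -> bool:
    """True if an active 'options' line in resolv.conf text sets no-aaaa."""
    for line in resolv_conf.splitlines():
        if line.startswith(("#", ";")):
            continue  # comment line
        fields = line.split()
        if fields and fields[0] == "options" and "no-aaaa" in fields[1:]:
            return True
    return False


SAMPLE_ENVIRON = (b"PATH=/usr/bin\0"
                  b"GLIBC_TUNABLES=glibc.malloc.check=1:"
                  b"glibc.malloc.mxfast=glibc.malloc.mxfast=64\0")
SAMPLE_RESOLV = "nameserver 192.0.2.53\n# options no-aaaa\noptions timeout:2 no-aaaa\n"

if __name__ == "__main__":
    tunables = parse_environ(SAMPLE_ENVIRON).get("GLIBC_TUNABLES", "")
    print("malformed tunables:", suspicious_tunables(tunables))
    print("no-aaaa enabled:", no_aaaa_enabled(SAMPLE_RESOLV))
```
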
LibreELEC
LibreELEC is a 'Just enough OS' Linux distribution for the award-winning Kodi software on popular mediacentre hardware. Further information on the project can be found on the LibreELEC website.
Issues & Support
Please ask questions in the LibreELEC forum: Help & Support or ask a member of project staff in the #libreelec IRC channel on Libera.Chat. Please report bugs via GitHub Issues.
Donations
Contributions towards current project funding goals can be made via OpenCollective.
License
LibreELEC original code is released under GPLv2.
Copyright
As LibreELEC includes code from many upstream projects it has many copyright owners; notably OpenELEC which we forked from after disagreeing with project direction and management, and OpenBricks/GeeXboX the uncredited source of the original 2009 build system. LibreELEC makes no claim of copyright on any upstream code. However, all original LibreELEC authored code is copyright LibreELEC.tv. Patches to upstream code have the same license as the upstream project unless specified otherwise. For a complete copyright list please check out the source code to examine license headers. Unless expressly stated otherwise all code submitted to the LibreELEC project (in any form) is licensed under GPLv2 and copyright is donated to the project. This approach gives the project freedom to maintain the code without the overhead of preserving contact with every submitter, e.g. GPLv3. You are free to retain copyright by adding your copyright header to each submitted code page. If you submit code that is not your own work it is your responsibility to place a header stating the copyright.