Skip navigation

Update the Packaged cygwin1.dll to a current version

score 35
You have not voted. Not Planned

Currently a version1.x veriant of the Cygwin1.dll file is included in the product. There are bugs in this version that can cause errors if called in certain ways. In order to allow the best scripts to be written to take advantage of current functions and eliminate risk to customer environments please update the version of this file in future release.

 

Upgrading will also eliminate the following Security Risk.

 

Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string.

 

https://www.cvedetails.com/cve/CVE-2017-7523/

 

 

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.

 

https://www.cvedetails.com/cve/CVE-2016-3067/

Comments

Vote history