Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 29
1 files changed, 29 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c4c082b415..9e20117a81 100644
--- a/NEWS
+++ b/NEWS
@@ -21,12 +21,41 @@ Security related changes:
question type which is outside the range of valid question type values.
(CVE-2015-5180)
+* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+ from a one-byte overflow during ~ operator processing (either on the stack
+ or the heap, depending on the length of the user name).
+
+* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
+* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+ without GLOB_NOESCAPE, could write past the end of a buffer while
+ unescaping user names. Reported by Tim Rühsen.
+
+* CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
+ to the allocation of too much memory. (This is not a security bug per se,
+ it is mentioned here only because of the CVE assignment.) Reported by
+ Qualys.
+
+* CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
+ of the number of search path components. (This is not a security
+ vulnerability per se because no trust boundary is crossed if the fix for
+ CVE-2017-1000366 has been applied, but it is mentioned here only because
+ of the CVE assignment.) Reported by Qualys.
+
The following bugs are resolved with this release:
+ [20790] Fix rpcgen buffer overrun
+ [20978] Fix strlen on null pointer in nss_nisplus
[21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
+ [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
+ [21609] x86-64: Align the stack in __tls_get_addr
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+ [21654] nss: Fix invalid cast in group merging
Version 2.24
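Review bot: None of the five new CVE entries can be traced to a bug number in the "following bugs are resolved" list. The bugs added there (20790, 20978, 21265, 21609, 21654) are described as rpcgen, nss_nisplus, _dl_runtime_resolve, __tls_get_addr and nss group merging fixes, so nothing in the list visibly corresponds to the glob GLOB_TILDE or _dl_init_paths changes, whereas the existing 21624 line carries its CVE in parentheses. Please add the bug entries for the glob and _dl_init_paths fixes with the CVE id appended in the same "(CVE-...)" form, so that a reader backporting from NEWS can map each CVE to its fix. A smaller style point in the CVE-2017-1000408 entry: "This is not a security bug per se, it is mentioned here only because of the CVE assignment" is a comma splice and uses "security bug" where the CVE-2017-1000409 entry says "security vulnerability"; consider aligning the two parentheticals. In the CVE-2017-1000409 entry, "but it is mentioned here only because" reads more cleanly without "only", since the sentence already gives the reason.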