diff options
author | Paul Pluzhnikov <ppluzhnikov@google.com> | 2015-02-06 00:30:42 -0500 |
---|---|---|
committer | Carlos O'Donell <carlos@systemhalted.org> | 2015-02-06 00:34:51 -0500 |
commit | 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 (patch) | |
tree | a77a8efbf88a4eed15cfefe4e5d570d380985c1c /NEWS | |
parent | 04cb913ddf67ac90da274dd32b6ceafd57ca36ca (diff) | |
download | glibc-5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06.tar.gz |
CVE-2015-1472: wscanf allocates too little memory
BZ #16618
Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer. The
implementation now correctly computes the required buffer size when
using malloc.
A regression test was added to tst-sscanf.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 24 |
1 files changed, 15 insertions, 9 deletions
@@ -10,15 +10,21 @@ Version 2.21 * The following bugs are resolved with this release: 6652, 10672, 12674, 12847, 12926, 13862, 14132, 14138, 14171, 14498, - 15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16619, - 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370, 17371, - 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, - 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589, 17594, - 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647, 17653, - 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719, 17722, - 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747, 17748, - 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797, 17801, - 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. + 15215, 15378, 15884, 16009, 16418, 16191, 16469, 16576, 16617, 16618, + 16619, 16657, 16740, 16857, 17192, 17266, 17273, 17344, 17363, 17370, + 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, + 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, 17589, + 17594, 17601, 17608, 17616, 17625, 17630, 17633, 17634, 17635, 17647, + 17653, 17657, 17658, 17664, 17665, 17668, 17682, 17702, 17717, 17719, + 17722, 17723, 17724, 17725, 17732, 17733, 17744, 17745, 17746, 17747, + 17748, 17775, 17777, 17780, 17781, 17782, 17791, 17793, 17796, 17797, + 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, + 17892. + +* CVE-2015-1472 Under certain conditions wscanf can allocate too little + memory for the to-be-scanned arguments and overflow the allocated + buffer. The implementation now correctly computes the required buffer + size when using malloc. * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were |