diff options
author | Florian Weimer <fweimer@redhat.com> | 2016-03-29 12:57:56 +0200 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2016-04-04 15:31:21 -0400 |
commit | 146b58d11fddbef15b888906e3be4f33900c416f (patch) | |
tree | 2579a152d614c2c7d1190b15e7103d7e31d31f28 /NEWS | |
parent | 0eb234232eaf925fe4dca3bd60a3e1b4a7ab2882 (diff) | |
download | glibc-146b58d11fddbef15b888906e3be4f33900c416f.tar.gz |
CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
The defensive copy is not needed because the name may not alias the
output buffer.
(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4)
(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f)
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -9,7 +9,10 @@ Version 2.23.1 Security related changes: - [Add security related changes here] +* The getnetbyname implementation in nss_dns had a potentially unbounded + alloca call (in the form of a call to strdupa), leading to a stack + overflow (stack exhaustion) and a crash if getnetbyname is invoked + on a very long name. (CVE-2016-3075) The following bugs are resolved with this release: @@ -17,9 +20,12 @@ The following bugs are resolved with this release: [19758] Or bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS [19759] Don't inline mempcpy for x86 [19762] Use HAS_ARCH_FEATURE with Fast_Rep_String - [19791] Assertion failure in res_query.c with un-connectable name server addresses + [19791] Assertion failure in res_query.c with un-connectable name server + addresses [19792] MIPS: backtrace yields infinite backtrace with makecontext [19822] libm.so install clobbers old version + [19879] network: nss_dns: Stack overflow in getnetbyname implementation + (CVE-2016-3075) Version 2.23 |