diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -10,7 +10,21 @@ Version 2.20.1 * The following bugs are resolved with this release: 16009, 16617, 16618, 17266, 17269, 17370, 17371, 17460, 17485, 17555, - 17625, 17630, 17801, 18007, 18032, 18287, 18665, 18694, 18928, 19018. + 17625, 17630, 17801, 17905, 18007, 18032, 18080, 18240, 18287, 18508, + 18665, 18694, 18928, 19018, 19682. + +* The glob function suffered from a stack-based buffer overflow when it was + called with the GLOB_ALTDIRFUNC flag and encountered a long file name. + Reported by Alexander Cherepanov. (CVE-2016-1234) + +* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It + could result in a stack overflow when getnetbyname was called with an + overly long name. (CVE-2016-3075) + +* Previously, getaddrinfo copied large amounts of address data to the stack, + even after the fix for CVE-2013-4458 has been applied, potentially + resulting in a stack overflow. getaddrinfo now uses a heap allocation + instead. Reported by Michael Petlan. (CVE-2016-3706) * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control |