This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
NEWS update for CVE-2016-5417
- From: Florian Weimer <fweimer at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>, Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- Date: Fri, 29 Jul 2016 17:36:15 -0400
- Subject: NEWS update for CVE-2016-5417
- Authentication-results: sourceware.org; auth=none
CVE-2016-5417 was assigned to bug 19257.
Thanks,
Florian
commit fab382315ad3be7c773aaf7ca49c053cf91755fe
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jul 29 17:34:17 2016 -0400
CVE-2016-5417 was assigned to bug 19257
diff --git a/NEWS b/NEWS
index e2737d5..680f792 100644
--- a/NEWS
+++ b/NEWS
@@ -66,6 +66,11 @@ Security related changes:
flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez'
alloca plugin for GCC. (CVE-2016-4429)
+* The IPv6 name server management code in libresolv could result in a memory
+ leak for each thread which is created, performs a failing naming lookup,
+ and exits. Over time, this could result in a denial of service due to
+ memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417)
+
The following bugs are resolved with this release:
[The release manager will add the list generated by