CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]

[glibc.git] / NEWS

diff --git a/NEWS b/NEWS
index b6776bcc692c9bc2f149e579294532d88469d52e..ccc4d135b9edcee6bc5c90f4774d15b07ccb3917 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,13 +9,21 @@ Version 2.22
 
 * The following bugs are resolved with this release:
 
-  4719, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351,
+  4719, 6792, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351,
   16512, 16560, 16783, 16850, 17090, 17195, 17269, 17523, 17542, 17569,
   17588, 17596, 17620, 17621, 17628, 17631, 17711, 17776, 17779, 17792,
   17836, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967,
   17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, 18029,
   18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18068,
-  18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197.
+  18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197,
+  18206, 18210, 18211, 18247, 18287.
+
+* A buffer overflow in gethostbyname_r and related functions performing DNS
+  requests has been fixed.  If the NSS functions were called with a
+  misaligned buffer, the buffer length change due to pointer alignment was
+  not taken into account.  This could result in application crashes or,
+  potentially arbitrary code execution, using crafted, but syntactically
+  valid DNS responses.  (CVE-2015-1781)
 
 * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
   for LD and GD on x86 and x86-64, has been implemented.  You will need