This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26.9000-936-g37ac8e6


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  37ac8e635a29810318f6d79902102e2e96b2b5bf (commit)
      from  87235d7006afcb681ff7422bae346da7dcd995d7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=37ac8e635a29810318f6d79902102e2e96b2b5bf

commit 37ac8e635a29810318f6d79902102e2e96b2b5bf
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Dec 6 07:39:25 2017 +0100

    Add references to CVE-2017-17426

diff --git a/ChangeLog b/ChangeLog
index ab41d9d..6b752ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1164,6 +1164,7 @@
 2017-11-30  Arjun Shankar  <arjun@redhat.com>
 
 	[BZ #22375]
+	CVE-2017-17426
 	* malloc/malloc.c (__libc_malloc): Use checked_request2size
 	instead of request2size.
 
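Review bot: the CVE id is attached to the existing 2017-11-30 entry and the commit adds no ChangeLog entry or message body of its own, so nothing visible here records that the identifier was added after the fix went in. A one-line body under "Add references to CVE-2017-17426" saying which earlier change it annotates (the [BZ #22375] switch to checked_request2size in __libc_malloc) would make the commit self-explanatory in the log.
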
diff --git a/NEWS b/NEWS
index dc5fe32..faa60ab 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,11 @@ Security related changes:
   without GLOB_NOESCAPE, could write past the end of a buffer while
   unescaping user names.  Reported by Tim Rühsen.
 
+  CVE-2017-17426: The malloc function, when called with an object size near
+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
+  instead of NULL.  This was a regression introduced with the new malloc
+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
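
Review bot: the new NEWS paragraph names the CVE but not the bug, while the ChangeLog entry touched by this same commit files the fix under [BZ #22375]; adding the bug number to the paragraph would let a reader get from the advisory text to the fix. The phrase "a buffer which is too small" also stops short of the consequence: a caller that receives a non-NULL pointer will treat the full requested size as usable, so stating that writes can then run past the end of the allocation would make the severity clear.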

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    1 +
 NEWS      |    5 +++++
 2 files changed, 6 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

