This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH COMMITTED] Add references to CVE-2017-17426


MITRE assigned a CVE ID.

Thanks,
Florian
commit 37ac8e635a29810318f6d79902102e2e96b2b5bf
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Dec 6 07:39:25 2017 +0100

    Add references to CVE-2017-17426

diff --git a/ChangeLog b/ChangeLog
index ab41d9d947..6b752ac3de 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1164,6 +1164,7 @@
 2017-11-30  Arjun Shankar  <arjun@redhat.com>
 
 	[BZ #22375]
+	CVE-2017-17426
 	* malloc/malloc.c (__libc_malloc): Use checked_request2size
 	instead of request2size.
 
diff --git a/NEWS b/NEWS
index dc5fe32cf8..faa60abe30 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,11 @@ Security related changes:
   without GLOB_NOESCAPE, could write past the end of a buffer while
   unescaping user names.  Reported by Tim Rühsen.
 
+  CVE-2017-17426: The malloc function, when called with an object size near
+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
+  instead of NULL.  This was a regression introduced with the new malloc
+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]