[COMMITTED 2.25 5/8] Update NEWS and ChangeLog for CVE-2017-15671
Aurelien Jarno
aurelien@aurel32.net
Sun Jan 1 00:00:00 GMT 2017
From: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
---
ChangeLog | 1 +
NEWS | 5 +++++
2 files changed, 6 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index f1666c8ed7..c19862d829 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@
2017-09-08 Adhemerval Zanella <adhemerval.zanella@linaro.org>
[BZ #1062]
+ CVE-2017-15671
* posix/Makefile (routines): Add globfree, globfree64, and
glob_pattern_p.
* posix/flexmember.h: New file.
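Review bot: the CVE-2017-15671 tag added under [BZ #1062] labels the whole 2017-09-08 entry, but the visible lines of that entry (adding globfree, globfree64 and glob_pattern_p to routines, and the new posix/flexmember.h) do not say which change removes the leak. Since the commit message is only the subject line, a sentence there naming the glob change that fixes the GLOB_TILDE leak would let someone auditing the backport confirm that the fix is actually present on the branch.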
diff --git a/NEWS b/NEWS
index 98aa362444..c353ce6273 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,11 @@ Security related changes:
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
to avoid fragmentation-based spoofing attacks.
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
The following bugs are resolved with this release:
[20257] sunrpc: clntudp_call does not enforce timeout when receiving data
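Review bot: the new NEWS paragraph says glob "would sometimes fail to free memory" without stating the condition or pointing to a bug, so a reader cannot tell from NEWS alone whether their use of GLOB_TILDE is affected. Consider naming the triggering condition and referencing the bug that the ChangeLog hunk ties the CVE to ([BZ #1062]), and check that this bug also appears in the "The following bugs are resolved with this release" list that follows.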
--
2.15.0