[COMMITTED 2.26 1/4] Update NEWS and ChangeLog for CVE-2017-15671
Aurelien Jarno
aurelien@aurel32.net
Sun Jan 1 00:00:00 GMT 2017
From: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
---
NEWS | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/NEWS b/NEWS
index 359465ff3e..037b28cb9b 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,11 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
The following bugs are resolved with this release:
[16750] ldd: Never run file directly.
--
2.15.0
More information about the Libc-stable
mailing list