diff options
author | DJ Delorie <dj@redhat.com> | 2021-03-03 14:52:57 -0500 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2022-10-04 08:00:00 +0000 |
commit | aa510aa2767b9aff0401a62718e2cf93f745fb0d (patch) | |
tree | be4536e5f1343152c5d940db09ba7b20b4e3eee6 | |
parent | 3299ce69c50b85696ffa935083c8f8c43f9e0ac5 (diff) | |
download | glibc-aa510aa2767b9aff0401a62718e2cf93f745fb0d.tar.gz glibc-aa510aa2767b9aff0401a62718e2cf93f745fb0d.tar.xz glibc-aa510aa2767b9aff0401a62718e2cf93f745fb0d.zip |
NEWS: Mention CVE-2021-27645
(cherry picked from commit 24eb3be5db5befefe4bcf0f438bf6629a9c3a608)
-rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index ddbe2733ff..7bd476deb6 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,11 @@ Security related changes: converted output contains a combined sequence of two wide characters crossing a buffer boundary. Reported by Tavis Ormandy. + CVE-2021-27645: The nameserver caching daemon (nscd), when processing + a request for netgroup lookup, may crash due to a double-free, + potentially resulting in degraded service or Denial of Service on the + local system. Reported by Chris Schanzle. + CVE-2021-33574: The mq_notify function has a potential use-after-free issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask. |