diff options
author | Florian Weimer <fweimer@redhat.com> | 2016-02-18 15:10:11 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-02-18 15:10:11 +0100 |
commit | 6400ae6ecf6376af230d3ec82a8541848d3239e9 (patch) | |
tree | da20a69a610a6cd3e619ebc626b98c76b23ea272 | |
parent | a5df3210a641c175138052037fcdad34298bfa4d (diff) | |
download | glibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.tar.gz glibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.tar.xz glibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.zip |
NEWS: List additional fixed security bugs
-rw-r--r-- | NEWS | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/NEWS b/NEWS index f80ce9cb59..e5a6da1fde 100644 --- a/NEWS +++ b/NEWS @@ -47,9 +47,6 @@ Version 2.23 tzselect). This is useful for people who build the timezone data and code independent of the GNU C Library. -* The LD_POINTER_GUARD environment variable can no longer be used to - disable the pointer guard feature. It is always enabled. - * The obsolete header <regexp.h> has been removed. Programs that require this header must be updated to use <regex.h> instead. @@ -75,9 +72,24 @@ Version 2.23 Security related changes: +* An out-of-bounds value in a broken-out struct tm argument to strftime no + longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776) + +* The LD_POINTER_GUARD environment variable can no longer be used to disable + the pointer guard feature. It is always enabled. Previously, + LD_POINTER_GUARD could be used to disable security hardening in binaries + running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. + (CVE-2015-8777) + +* An integer overflow in hcreate and hcreate_r could lead to an + out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778) + +* The catopen function no longer has unbounded stack usage. Reported by + Max. (CVE-2015-8779) + * The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the - functions. Reported by Joseph Myers. + functions. Reported by Joseph Myers. (CVE-2014-9761) * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control |