author Florian Weimer <fweimer@redhat.com> 2017-08-16 16:47:20 +0200
committer Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> 2018-04-06 16:26:37 -0300
commit 407ec876262f0e6f55635ea0783f1f4a6c5d127f
tree 67c1bd4154ed778857305c9afa377bfa55138b01
parent d2450a97c3df5527ea0fd49743bc354c979c185f
Add ChangeLog reference to bug 16750/CVE-2009-5064
(cherry picked from commit 403143e1df85dadd374f304bd891be0cd7573e3b)
-rw-r--r-- ChangeLog 2
-rw-r--r-- NEWS 6
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index dfacabe5ff..a01b406e42 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,8 @@
 
 2017-08-16  Andreas Schwab  <schwab@suse.de>
 
+	[BZ #16750]
+	CVE-2009-5064
 	* elf/ldd.bash.in: Never run file directly.
 
 2016-10-14  Carlos Eduardo Seo  <cseo@linux.vnet.ibm.com>
diff --git a/NEWS b/NEWS
index ebebb402e1..d7c016c021 100644
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,12 @@ Version 2.22.1
   to the allocation of too much memory.  (This is not a security bug per se,
   it is mentioned here only because of the CVE assignment.)  Reported by
   Qualys.
+
+* CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
 
 Version 2.22
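
Review bot: The parenthetical in the new NEWS entry, "only trusted binaries must be examined using the ldd script", can be read as an obligation to examine trusted binaries instead of a restriction on what ldd may be pointed at. Wording such as "the ldd script must only be used on trusted binaries" removes the ambiguity. The entry also says the script "would sometimes run the program under examination directly" without saying when, and unlike the ChangeLog hunk it does not cite bug 16750, so a reader of NEWS alone has no pointer to the report. Adding the bug number to the entry would tie the two files together.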