author | Andreas Schwab <schwab@suse.de> | 2020-02-19 17:21:46 +0100 |
---|---|---|
committer | Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> | 2020-03-20 15:23:11 -0300 |
commit | 21344a3d62a29406fddeec069ee4eb3c341369f9 (patch) | |
tree | bffa7bd9e01b3038205e147e7c0eeb7f7a8ef766 /NEWS | |
parent | 0478174d1e2c2a894a35b1cdffc573dca310b438 (diff) | |
Fix use-after-free in glob when expanding ~user (bug 25414)
The value of `end_name' points into the value of `dirname', thus don't deallocate the latter before the last use of the former.

(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c)
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 038541c83b..1d00542a5d 100644 --- a/NEWS +++ b/NEWS @@ -73,6 +73,7 @@ The following bugs are resolved with this release: [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs [25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection [25232] No const correctness for strchr et al. for Clang++ + [25414] 'glob' use-after-free bug (CVE-2020-1752) [25423] Array overflow in backtrace on powerpc Security related changes: @@ -109,6 +110,9 @@ Security related changes: addresses for loaded libraries and thus bypass ASLR for a setuid program. Reported by Marcin KoĆcielnicki. + CVE-2020-1752: A use-after-free vulnerability in the glob function when + expanding ~user has been fixed. + Version 2.28 |
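Review bot: the CVE-2020-1752 paragraph added in the second hunk (@@ -109,6 +110,9 @@, under "Security related changes") carries no bug number and no reporter credit, although the entry directly above it ends with a "Reported by" line. Consider appending "(bug 25414)" to the new paragraph so a reader of the security section can get to the "[25414] 'glob' use-after-free bug (CVE-2020-1752)" line added to the resolved-bugs list in the first hunk, and add a "Reported by" sentence if the reporter is known. The paragraph also stops at "when expanding ~user"; one more clause on what a caller has to pass to glob to reach that path would help users of this release branch decide whether they are exposed.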