diff options
| author | Florian Weimer <fweimer@redhat.com> | 2018-11-27 16:12:43 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2018-11-27 21:35:31 +0100 |
| commit | a0bc5dd3bed4b04814047265b3bcead7ab973b87 (patch) | |
| tree | 225222395ade278969b745c64e149d6661dda414 /NEWS | |
| parent | 27e46f5836d69c3e82442b1e3ac8a8b5e9ab12ce (diff) | |
| download | glibc-a0bc5dd3bed4b04814047265b3bcead7ab973b87.tar.gz glibc-a0bc5dd3bed4b04814047265b3bcead7ab973b87.tar.xz glibc-a0bc5dd3bed4b04814047265b3bcead7ab973b87.zip | |
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
(cherry picked from commit d527c860f5a3f0ed687bd03f0cb464612dc23408)
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 3c708d2903..f6d26425ff 100644 --- a/NEWS +++ b/NEWS @@ -82,6 +82,10 @@ Security related changes: architecture could write beyond the target buffer, resulting in a buffer overflow. Reported by Andreas Schwab. + CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a + denial of service due to resource exhaustion when processing getaddrinfo + calls with crafted host names. Reported by Guido Vranken. + The following bugs are resolved with this release: [16750] ldd: Never run file directly. @@ -158,6 +162,7 @@ The following bugs are resolved with this release: [23562] signal: Use correct type for si_band in siginfo_t [23579] libc: Errors misreported in preadv2 [23709] Fix CPU string flags for Haswell-type CPUs + [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591) Version 2.26 |