diff options
author | Florian Weimer <fweimer@redhat.com> | 2016-04-29 10:47:40 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-04-29 10:47:40 +0200 |
commit | f5b3338d70a7a2c626331ac4589b6deb2f610432 (patch) | |
tree | 37c8c568424941b9e8bad383fb8dd5476758dc9c /NEWS | |
parent | 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (diff) | |
download | glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.gz glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.xz glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.zip |
NEWS entry for CVE-2016-3075
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS index aa6209e5a1..24e13aeafa 100644 --- a/NEWS +++ b/NEWS @@ -27,6 +27,10 @@ Version 2.24 Security related changes: +* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It + could result in a stack overflow when getnetbyname was called with an + overly long name. (CVE-2016-3075) + * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation |