elf: Compute correct array size in _dl_init_paths [BZ #22606]

author: Florian Weimer <fweimer@redhat.com> 2017-12-14 15:18:38 +0100
committer: Florian Weimer <fweimer@redhat.com> 2017-12-14 15:27:08 +0100
commit: 8a0b17e48b83e933960dfeb8fa08b259f03f310e (patch)
tree: 34c8b4ae867dd10a5f340dcad1109efbfcd12bce /NEWS
parent: f58bd7f055988d367d8118ccbc4cb8c4dbfd9db2 (diff)
download: glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.tar.gz
glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.tar.xz
glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index abbe561dcb..eef51b65a6 100644
--- a/NEWS
+++ b/NEWS
@@ -125,6 +125,11 @@ Security related changes:
   instead of NULL.  This was a regression introduced with the new malloc
   thread cache in glibc 2.26.  Reported by Iain Buclaw.
 
+  CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
+  to the allocation of too much memory.  (This is not a security bug per se,
+  it is mentioned here only because of the CVE assignment.)  Reported by
+  Qualys.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>	2017-12-14 15:18:38 +0100
committer	Florian Weimer <fweimer@redhat.com>	2017-12-14 15:27:08 +0100
commit	8a0b17e48b83e933960dfeb8fa08b259f03f310e (patch)
tree	34c8b4ae867dd10a5f340dcad1109efbfcd12bce /NEWS
parent	f58bd7f055988d367d8118ccbc4cb8c4dbfd9db2 (diff)
download	glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.tar.gz glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.tar.xz glibc-8a0b17e48b83e933960dfeb8fa08b259f03f310e.zip