about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2016-02-18 15:10:11 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-02-18 15:10:11 +0100
commit6400ae6ecf6376af230d3ec82a8541848d3239e9 (patch)
treeda20a69a610a6cd3e619ebc626b98c76b23ea272 /NEWS
parenta5df3210a641c175138052037fcdad34298bfa4d (diff)
downloadglibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.tar.gz
glibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.tar.xz
glibc-6400ae6ecf6376af230d3ec82a8541848d3239e9.zip
NEWS: List additional fixed security bugs
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS20
1 files changed, 16 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index f80ce9cb59..e5a6da1fde 100644
--- a/NEWS
+++ b/NEWS
@@ -47,9 +47,6 @@ Version 2.23
   tzselect).  This is useful for people who build the timezone data and code
   independent of the GNU C Library.
 
-* The LD_POINTER_GUARD environment variable can no longer be used to
-  disable the pointer guard feature.  It is always enabled.
-
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.
 
@@ -75,9 +72,24 @@ Version 2.23
 
 Security related changes:
 
+* An out-of-bounds value in a broken-out struct tm argument to strftime no
+  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)
+
+* The LD_POINTER_GUARD environment variable can no longer be used to disable
+  the pointer guard feature.  It is always enabled.  Previously,
+  LD_POINTER_GUARD could be used to disable security hardening in binaries
+  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
+  (CVE-2015-8777)
+
+* An integer overflow in hcreate and hcreate_r could lead to an
+  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)
+
+* The catopen function no longer has unbounded stack usage.  Reported by
+  Max.  (CVE-2015-8779)
+
 * The nan, nanf and nanl functions no longer have unbounded stack usage
   depending on the length of the string passed as an argument to the
-  functions.  Reported by Joseph Myers.
+  functions.  Reported by Joseph Myers.  (CVE-2014-9761)
 
 * A stack-based buffer overflow was found in libresolv when invoked from
   libnss_dns, allowing specially crafted DNS responses to seize control