about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2018-11-27 16:12:43 +0100
committerFlorian Weimer <fweimer@redhat.com>2018-11-27 18:12:49 +0100
commitd527c860f5a3f0ed687bd03f0cb464612dc23408 (patch)
treee2aaa3fa759808a9fcfd3ef80a73131864deee7b /NEWS
parent979cfed05d0ee5a9d81d310ea1eb2d590739e36b (diff)
downloadglibc-d527c860f5a3f0ed687bd03f0cb464612dc23408.tar.gz
glibc-d527c860f5a3f0ed687bd03f0cb464612dc23408.tar.xz
glibc-d527c860f5a3f0ed687bd03f0cb464612dc23408.zip
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS4


1 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index f488821af1..1098be1afb 100644
--- a/NEWS
+++ b/NEWS
@@ -57,7 +57,9 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
+  denial of service due to resource exhaustion when processing getaddrinfo
+  calls with crafted host names.  Reported by Guido Vranken.
 
 The following bugs are resolved with this release:
 

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-29 18:04:46 +0000