NEWS: Add entry for CVE-2021-27645

author: DJ Delorie <dj@redhat.com> 2021-03-03 14:52:57 -0500
committer: DJ Delorie <dj@redhat.com> 2021-03-09 14:34:50 -0500
commit: 24eb3be5db5befefe4bcf0f438bf6629a9c3a608 (patch)
tree: bc2911544d66f2e3a8661582009a17441b65af40 /NEWS
parent: 6905404496f47afcb2f585e4e290fe9646ca4ae3 (diff)
download: glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.tar.gz
glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.tar.xz
glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 73a1a0df97..aa0f10a891 100644
--- a/NEWS
+++ b/NEWS
@@ -31,7 +31,10 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
 
 The following bugs are resolved with this release:
author	DJ Delorie <dj@redhat.com>	2021-03-03 14:52:57 -0500
committer	DJ Delorie <dj@redhat.com>	2021-03-09 14:34:50 -0500
commit	24eb3be5db5befefe4bcf0f438bf6629a9c3a608 (patch)
tree	bc2911544d66f2e3a8661582009a17441b65af40 /NEWS
parent	6905404496f47afcb2f585e4e290fe9646ca4ae3 (diff)
download	glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.tar.gz glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.tar.xz glibc-24eb3be5db5befefe4bcf0f438bf6629a9c3a608.zip