-rw-r--r-- | ChangeLog | 4
-rw-r--r-- | NEWS | 12
2 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index 5a90364f90..a8539a3705 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2017-08-01 Siddhesh Poyarekar <siddhesh@sourceware.org> + + * NEWS: Update security-related changes. + 2017-07-30 Siddhesh Poyarekar <siddhesh@sourceware.org> * po/be.po: Update translations. diff --git a/NEWS b/NEWS index ab0fb545f8..bd48d18158 100644 --- a/NEWS +++ b/NEWS @@ -194,7 +194,17 @@ Changes to build and runtime requirements: Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, - to avoid fragmentation-based spoofing attacks. + to avoid fragmentation-based spoofing attacks (CVE-2017-12132). + +* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE + mode to guard against local privilege escalation attacks (CVE-2017-1000366). + +* Avoid printing a backtrace from the __stack_chk_fail function since it is + called on a corrupt stack and a backtrace is unreliable on a corrupt stack + (CVE-2010-3192). + +* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been + fixed (CVE-2017-12133). The following bugs are resolved with this release: |
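Review bot: In the NEWS hunk, the __stack_chk_fail entry is phrased as an imperative ("Avoid printing a backtrace from the __stack_chk_fail function ...") while the other entries in the same list state the new behaviour ("LD_LIBRARY_PATH is now ignored ...", "... has been fixed"), and it says "corrupt stack" twice in one sentence. Consider rewording it to match its neighbours, for example "The __stack_chk_fail function no longer prints a backtrace, since it is called on a corrupt stack where a backtrace is unreliable (CVE-2010-3192)." In the LD_LIBRARY_PATH entry, "privileged AT_SECURE mode" reads as redundant; "binaries running in AT_SECURE mode" or "privileged (AT_SECURE) mode" would be clearer to a reader who does not already know the term.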