diff options
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | NEWS | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 756a3cc0f0..01a1e99d83 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,7 @@ 2017-09-08 Adhemerval Zanella <adhemerval.zanella@linaro.org> [BZ #1062] + CVE-2017-15671 * posix/Makefile (routines): Add globfree, globfree64, and glob_pattern_p. * posix/flexmember.h: New file. diff --git a/NEWS b/NEWS index 8c10e88ec5..a70d21eb40 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,11 @@ Security related changes: from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). +* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + The following bugs are resolved with this release: [20790] Fix rpcgen buffer overrun |