diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 138aee2e91..afca6c2be7 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,11 @@ Version 2.20.1 17625, 17630, 17801, 18032, 18080, 18508, 18665, 18694, 18928, 19018, 19682. +* Previously, getaddrinfo copied large amounts of address data to the stack, + even after the fix for CVE-2013-4458 has been applied, potentially + resulting in a stack overflow. getaddrinfo now uses a heap allocation + instead. Reported by Michael Petlan. (CVE-2016-3706) + * A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in |