Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 59
1 files changed, 58 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 3f2cb5915f..49895f81bd 100644
--- a/NEWS
+++ b/NEWS
@@ -59,18 +59,45 @@ Security related changes:
   for AT_SECURE or SUID binaries could be used to load libraries from the
   current directory.
 
+  CVE-2017-18269: An SSE2-based memmove implementation for the i386
+  architecture could corrupt memory.  Reported by Max Horn.
+
   CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
   succeeds without returning an absolute path due to unexpected behaviour
   of the Linux kernel getcwd syscall.  Reported by halfdog.
 
+  CVE-2018-6485: The posix_memalign and memalign functions, when called with
+  an object size near the value of SIZE_MAX, would return a pointer to a
+  buffer which is too small, instead of NULL.  Reported by Jakub Wilk.
+
+  CVE-2018-6551: The malloc function, when called with an object size near
+  the value of SIZE_MAX, would return a pointer to a buffer which is too
+  small, instead of NULL.
+
+  CVE-2018-11236: Very long pathname arguments to realpath function could
+  result in an integer overflow and buffer overflow.  Reported by Alexey
+  Izbyshev.
+
+  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
+  architecture could write beyond the target buffer, resulting in a buffer
+  overflow.  Reported by Andreas Schwab.
+
+  CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a
+  denial of service due to resource exhaustion when processing getaddrinfo
+  calls with crafted host names.  Reported by Guido Vranken.
+
 The following bugs are resolved with this release:
 
   [16750] ldd: Never run file directly.
+  [17343] Fix signed integer overflow in random_r
   [17956] crypt: Use NSPR header files in addition to NSS header files
+  [20419] elf: Fix stack overflow with huge PT_NOTE segment
   [20532] getaddrinfo: More robust handling of dlopen failures
   [21242] assert: Suppress pedantic warning caused by statement expression
   [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
+  [21269] i386 sigaction sa_restorer handling is wrong
   [21780] posix: Set p{read,write}v2 to return ENOTSUP
+  [21812] getifaddrs: Don't return ifa entries with NULL names
   [21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F
   [21885] getaddrinfo: Release resolver context on error in gethosts
   [21915] getaddrinfo: incorrect result handling for NSS service modules
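Review bot: The CVE-2018-6551 entry (malloc with a size near SIZE_MAX) is the only security entry added in this hunk without a "Reported by" credit; add the reporter or confirm that the omission is deliberate. The CVE-2017-18269 entry says only that the SSE2-based memmove "could corrupt memory"; state the condition that triggers it, as the CVE-2018-6485 and CVE-2018-11236 entries do for their functions, so that readers can judge whether their builds are exposed.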
@@ -99,15 +126,45 @@ The following bugs are resolved with this release:
   [22321] sysconf: Fix missing definition of UIO_MAXIOV on Linux
   [22322] libc: [mips64] wrong bits/long-double.h installed
   [22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671)
+  [22342] NSCD not properly caching netgroup
+  [22343] malloc: Integer overflow in posix_memalign (CVE-2018-6485)
   [22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426)
   [22377] Provide a C++ version of iseqsig
-  [22636] PTHREAD_STACK_MIN is too small on x86-64
+  [22442] if_nametoindex: Check length of ifname before copying it
+  [22446] Fix nscd readlink argument aliasing
+  [22447] Avoid use of strlen in getlogin_r
+  [22463] Fix p_secstodate overflow handling
   [22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice
+  [22636] PTHREAD_STACK_MIN is too small on x86-64
   [22637] nptl: Fix stack guard size accounting
+  [22644] Fix i386 memmove issue
   [22679] getcwd(3) can succeed without returning an absolute path
     (CVE-2018-1000001)
   [22685] powerpc: Fix syscalls during early process initialization
   [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE
+  [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1
+  [22774] malloc: Integer overflow in malloc (CVE-2018-6551)
+  [22786] Fix path length overflow in realpath
+  [22927] libanl: properly cleanup if first helper thread creation failed
+  [23005] resolv: Fix crash in resolver on memory allocation failure
+  [23024] getlogin_r: return early when linux sentinel value is set
+  [23037] resolv: Fully initialize struct mmsghdr in send_dg
+  [23137] s390: Fix blocking pthread_join
+  [23171] Fix parameter type in C++ version of iseqsig
+  [23196] __mempcpy_avx512_no_vzeroupper mishandles large copies
+  [23236] Harden function pointers in _IO_str_fields
+  [23313] libio: Disable vtable validation in case of interposition
+  [23349] Various glibc headers no longer compatible with <linux/time.h>
+  [23538] pthread_cond_broadcast: Fix waiters-after-spinning case
+  [23363] stdio-common/tst-printf.c has non-free license
+  [23456] Wrong index_cpu_LZCNT
+  [23459] COMMON_CPUID_INDEX_80000001 isn't populated for Intel processors
+  [23562] signal: Use correct type for si_band in siginfo_t
+  [23579] libc: Errors misreported in preadv2
+  [23709] Fix CPU string flags for Haswell-type CPUs
+  [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591)
+  [24018] gettext may return NULL
+  [24027] malloc: Integer overflow in realloc
 
 Version 2.26
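Review bot: Three added bug entries that appear to correspond to CVE entries in the security section carry no CVE tag: [22644] (i386 memmove, CVE-2017-18269), [22786] (path length overflow in realpath, CVE-2018-11236) and [23196] (__mempcpy_avx512_no_vzeroupper, CVE-2018-11237), whereas [22343], [22774] and [23927] are tagged. Append the CVE id in parentheses to those three so the list can be searched by CVE. In the same hunk, [23538] is listed before [23363], out of numeric order, and [24027] (integer overflow in realloc) has no matching security entry even though the malloc and posix_memalign overflows do; say whether it is security-relevant.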