Diffstat (limited to 'NEWS')
-rw-r--r--  NEWS  59
1 files changed, 58 insertions, 1 deletions
diff --git a/NEWS b/NEWS index 3f2cb5915f..49895f81bd 100644 --- a/NEWS +++ b/NEWS 
@@ -59,18 +59,45 @@ Security related changes: for AT_SECURE or SUID binaries could be used to load libraries from the current directory. + CVE-2017-18269: An SSE2-based memmove implementation for the i386 + architecture could corrupt memory. Reported by Max Horn. + CVE-2018-1000001: Buffer underflow in realpath function when getcwd function succeeds without returning an absolute path due to unexpected behaviour of the Linux kernel getcwd syscall. Reported by halfdog. + CVE-2018-6485: The posix_memalign and memalign functions, when called with + an object size near the value of SIZE_MAX, would return a pointer to a + buffer which is too small, instead of NULL. Reported by Jakub Wilk. + + CVE-2018-6551: The malloc function, when called with an object size near + the value of SIZE_MAX, would return a pointer to a buffer which is too + small, instead of NULL. + + CVE-2018-11236: Very long pathname arguments to realpath function could + result in an integer overflow and buffer overflow. Reported by Alexey + Izbyshev. + + CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi + architecture could write beyond the target buffer, resulting in a buffer + overflow. Reported by Andreas Schwab. + + CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a + denial of service due to resource exhaustion when processing getaddrinfo + calls with crafted host names. Reported by Guido Vranken. + The following bugs are resolved with this release: [16750] ldd: Never run file directly. 
+ [17343] Fix signed integer overflow in random_r [17956] crypt: Use NSPR header files in addition to NSS header files + [20419] elf: Fix stack overflow with huge PT_NOTE segment [20532] getaddrinfo: More robust handling of dlopen failures [21242] assert: Suppress pedantic warning caused by statement expression [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve + [21269] i386 sigaction sa_restorer handling is wrong [21780] posix: Set p{read,write}v2 to return ENOTSUP + [21812] getifaddrs: Don't return ifa entries with NULL names [21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F [21885] getaddrinfo: Release resolver context on error in gethosts [21915] getaddrinfo: incorrect result handling for NSS service modules 
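Review bot: the CVE-2018-6551 entry is the only one of the seven new "Security related changes" paragraphs without a "Reported by" credit; either name the reporter or state that it was found during development, so the list stays consistent. Separately, the CVE-2017-18269 paragraph ("An SSE2-based memmove implementation for the i386 architecture could corrupt memory") gives readers no way to judge exposure: say what triggers the corruption (e.g. which copy sizes or overlap) in the same way the other entries describe their trigger, such as "when called with an object size near the value of SIZE_MAX".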
@@ -99,15 +126,45 @@ The following bugs are resolved with this release: [22321] sysconf: Fix missing definition of UIO_MAXIOV on Linux [22322] libc: [mips64] wrong bits/long-double.h installed [22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671) + [22342] NSCD not properly caching netgroup + [22343] malloc: Integer overflow in posix_memalign (CVE-2018-6485) [22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426) [22377] Provide a C++ version of iseqsig - [22636] PTHREAD_STACK_MIN is too small on x86-64 + [22442] if_nametoindex: Check length of ifname before copying it + [22446] Fix nscd readlink argument aliasing + [22447] Avoid use of strlen in getlogin_r + [22463] Fix p_secstodate overflow handling [22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice + [22636] PTHREAD_STACK_MIN is too small on x86-64 [22637] nptl: Fix stack guard size accounting + [22644] Fix i386 memmove issue [22679] getcwd(3) can succeed without returning an absolute path (CVE-2018-1000001) [22685] powerpc: Fix syscalls during early process initialization [22715] x86-64: Properly align La_x86_64_retval to VEC_SIZE + [22753] libc: preadv2/pwritev2 fallback code should handle offset=-1 + [22774] malloc: Integer overflow in malloc (CVE-2018-6551) + [22786] Fix path length overflow in realpath + [22927] libanl: properly cleanup if first helper thread creation failed + [23005] resolv: Fix crash in resolver on memory allocation failure + [23024] getlogin_r: return early when linux sentinel value is set + [23037] resolv: Fully initialize struct mmsghdr in send_dg + [23137] s390: Fix blocking pthread_join + [23171] Fix parameter type in C++ version of iseqsig + [23196] __mempcpy_avx512_no_vzeroupper mishandles large copies + [23236] Harden function pointers in _IO_str_fields + [23313] libio: Disable vtable validation in case of interposition + [23349] Various glibc headers no longer compatible with <linux/time.h> + [23538] pthread_cond_broadcast: Fix 
waiters-after-spinning case + [23363] stdio-common/tst-printf.c has non-free license + [23456] Wrong index_cpu_LZCNT + [23459] COMMON_CPUID_INDEX_80000001 isn't populated for Intel processors + [23562] signal: Use correct type for si_band in siginfo_t + [23579] libc: Errors misreported in preadv2 + [23709] Fix CPU string flags for Haswell-type CPUs + [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591) + [24018] gettext may return NULL + [24027] malloc: Integer overflow in realloc Version 2.26 |
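Review bot: "[23538] pthread_cond_broadcast: Fix waiters-after-spinning case" is inserted between [23349] and [23363], breaking the ascending bug-number order the rest of the list follows; it belongs after [23459] and before [23562]. In the same list, entries that are evidently the fixes for CVEs announced in the first hunk lack the "(CVE-...)" suffix that [22343], [22774] and [23927] carry: "[22644] Fix i386 memmove issue" (CVE-2017-18269), "[22786] Fix path length overflow in realpath" (CVE-2018-11236) and "[23196] __mempcpy_avx512_no_vzeroupper mishandles large copies" (CVE-2018-11237) should be tagged the same way so a reader can map each CVE to its bug. Finally, "[24027] malloc: Integer overflow in realloc" sits beside two malloc integer-overflow entries that have CVEs; if it has the same security impact it needs a matching paragraph under "Security related changes", and if not, a short note saying why would help.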