about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS6
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 50479f17c9..df03f4dc48 100644
--- a/NEWS
+++ b/NEWS
@@ -86,7 +86,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
+  environment variable during program execution after a security
+  transition, allowing local attackers to restrict the possible mapping
+  addresses for loaded libraries and thus bypass ASLR for a setuid
+  program.  Reported by Marcin Koƛcielnicki.
 
 The following bugs are resolved with this release: