about summary refs log tree commit diff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS29
1 files changed, 29 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c4c082b415..9e20117a81 100644
--- a/NEWS
+++ b/NEWS
@@ -21,12 +21,41 @@ Security related changes:
   question type which is outside the range of valid question type values.
   (CVE-2015-5180)
 
+* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+  from a one-byte overflow during ~ operator processing (either on the stack
+  or the heap, depending on the length of the user name).
+
+* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
+* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+  without GLOB_NOESCAPE, could write past the end of a buffer while
+  unescaping user names.  Reported by Tim Rühsen.
+
+* CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
+  to the allocation of too much memory.  (This is not a security bug per se,
+  it is mentioned here only because of the CVE assignment.)  Reported by
+  Qualys.
+
+* CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
+  of the number of search path components.  (This is not a security
+  vulnerability per se because no trust boundary is crossed if the fix for
+  CVE-2017-1000366 has been applied, but it is mentioned here only because
+  of the CVE assignment.)  Reported by Qualys.
+
 The following bugs are resolved with this release:
 
+  [20790] Fix rpcgen buffer overrun
+  [20978] Fix strlen on null pointer in nss_nisplus
   [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
+  [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve
   [21289] Fix symbol redirect for fts_set
   [21386] Assertion in fork for distinct parent PID is incorrect
+  [21609] x86-64: Align the stack in __tls_get_addr
   [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
+  [21654] nss: Fix invalid cast in group merging
 
 Version 2.24
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-20 07:17:13 +0000