diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 3c708d2903..f6d26425ff 100644 --- a/NEWS +++ b/NEWS @@ -82,6 +82,10 @@ Security related changes: architecture could write beyond the target buffer, resulting in a buffer overflow. Reported by Andreas Schwab. + CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a + denial of service due to resource exhaustion when processing getaddrinfo + calls with crafted host names. Reported by Guido Vranken. + The following bugs are resolved with this release: [16750] ldd: Never run file directly. @@ -158,6 +162,7 @@ The following bugs are resolved with this release: [23562] signal: Use correct type for si_band in siginfo_t [23579] libc: Errors misreported in preadv2 [23709] Fix CPU string flags for Haswell-type CPUs + [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591) Version 2.26 |