diff options
author | Florian Weimer <fweimer@redhat.com> | 2017-08-16 16:47:20 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2017-08-16 16:47:20 +0200 |
commit | 403143e1df85dadd374f304bd891be0cd7573e3b (patch) | |
tree | 0c173535f63b0bd33129480f1d152d238e4fd0af | |
parent | eedca9772e99c72ab4c3c34e43cc764250aa3e3c (diff) | |
download | glibc-403143e1df85dadd374f304bd891be0cd7573e3b.zip glibc-403143e1df85dadd374f304bd891be0cd7573e3b.tar.gz glibc-403143e1df85dadd374f304bd891be0cd7573e3b.tar.bz2 |
Add ChangeLog reference to bug 16750/CVE-2009-5064
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 7 insertions, 1 deletions
@@ -1,5 +1,7 @@ 2017-08-16 Andreas Schwab <schwab@suse.de> + [BZ #16750] + CVE-2009-5064 * elf/ldd.bash.in: Never run file directly. 2017-08-15 H.J. Lu <hongjiu.lu@intel.com> @@ -22,7 +22,11 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2009-5064: The ldd script would sometimes run the program under + examination directly, without preventing code execution through the + dynamic linker. (The glibc project disputes that this is a security + vulnerability; only trusted binaries must be examined using the ldd + script.) The following bugs are resolved with this release: |