aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-08-16 16:47:20 +0200
committerTulio Magno Quites Machado Filho <tuliom@linux.ibm.com>2018-04-06 16:26:37 -0300
commit407ec876262f0e6f55635ea0783f1f4a6c5d127f (patch)
tree67c1bd4154ed778857305c9afa377bfa55138b01
parentd2450a97c3df5527ea0fd49743bc354c979c185f (diff)
downloadglibc-407ec876262f0e6f55635ea0783f1f4a6c5d127f.zip
glibc-407ec876262f0e6f55635ea0783f1f4a6c5d127f.tar.gz
glibc-407ec876262f0e6f55635ea0783f1f4a6c5d127f.tar.bz2
Add ChangeLog reference to bug 16750/CVE-2009-5064
(cherry picked from commit 403143e1df85dadd374f304bd891be0cd7573e3b)
Diffstat
-rw-r--r--ChangeLog2
-rw-r--r--NEWS6
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index dfacabe..a01b406 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,8 @@
2017-08-16 Andreas Schwab <schwab@suse.de>
+ [BZ #16750]
+ CVE-2009-5064
* elf/ldd.bash.in: Never run file directly.
2016-10-14 Carlos Eduardo Seo <cseo@linux.vnet.ibm.com>
diff --git a/NEWS b/NEWS
index ebebb40..d7c016c 100644
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,12 @@ Version 2.22.1
to the allocation of too much memory. (This is not a security bug per se,
it is mentioned here only because of the CVE assignment.) Reported by
Qualys.
+
+* CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
Version 2.22
generated by cgit v1.1 at 2024-11-21 16:03:21 +0000