author: Florian Weimer <fweimer@redhat.com> 2016-05-04 12:09:35 +0200
committer: Aurelien Jarno <aurelien@aurel32.net> 2016-05-12 17:32:07 +0200
commit: e97fb84811238c627f93e5e703a11eb841601947 (patch)
tree: f92d45cd41a5bd756ebf3f9bf790673e4cb7c9e7 /NEWS
parent: 5ae82aa4bf45cdaafeb1c25e09897eabff210de9 (diff)
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of readdir in an object of the new type struct readdir_result. This type is independent of the layout of struct dirent. (cherry picked from commit 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea)
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 6
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b2a1871..00a8add 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,7 @@ Version 2.19.1
15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16760,
16878, 16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069,
17079, 17137, 17153, 17213, 17263, 17269, 17325, 17555, 17905, 18007,
- 18032, 18080, 18240, 18287, 18508, 18905, 19879.
+ 18032, 18080, 18240, 18287, 18508, 18905, 19779, 19879.
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
@@ -68,6 +68,10 @@ Version 2.19.1
alloca call (in the form of a call to strdupa), leading to a stack
overflow (stack exhaustion) and a crash if getnetbyname is invoked
on a very long name. (CVE-2016-3075)
+
+* The glob function suffered from a stack-based buffer overflow when it was
+ called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
+ Reported by Alexander Cherepanov. (CVE-2016-1234)
Version 2.19
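Review bot: The new entry added after the CVE-2016-3075 item says only that glob "encountered a long file name", which does not tell a reader what makes a name long enough to matter. The commit message ties the defect to copying the d_name field of struct dirent from the readdir result, so the entry could say that the name is longer than the d_name field of struct dirent can hold. That would let anyone calling glob with GLOB_ALTDIRFUNC judge whether their usage is exposed without reading the bug report. The entry also names the reporter and the CVE but not the bug number, so a reader cannot connect it to the 19779 added to the list at the top of the section; mentioning BZ #19779 here would close that gap.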