author | Florian Weimer <fweimer@redhat.com> | 2016-05-04 12:09:35 +0200 |
---|---|---|
committer | Aurelien Jarno <aurelien@aurel32.net> | 2016-05-12 17:32:07 +0200 |
commit | e97fb84811238c627f93e5e703a11eb841601947 (patch) | |
tree | f92d45cd41a5bd756ebf3f9bf790673e4cb7c9e7 /NEWS | |
parent | 5ae82aa4bf45cdaafeb1c25e09897eabff210de9 (diff) | |
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
(cherry picked from commit 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea)
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -12,7 +12,7 @@ Version 2.19.1 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16758, 16759, 16760, 16878, 16882, 16885, 16916, 16932, 16943, 16958, 17048, 17062, 17069, 17079, 17137, 17153, 17213, 17263, 17269, 17325, 17555, 17905, 18007, - 18032, 18080, 18240, 18287, 18508, 18905, 19879. + 18032, 18080, 18240, 18287, 18508, 18905, 19779, 19879. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a @@ -68,6 +68,10 @@ Version 2.19.1 alloca call (in the form of a call to strdupa), leading to a stack overflow (stack exhaustion) and a crash if getnetbyname is invoked on a very long name. (CVE-2016-3075) + +* The glob function suffered from a stack-based buffer overflow when it was + called with the GLOB_ALTDIRFUNC flag and encountered a long file name. + Reported by Alexander Cherepanov. (CVE-2016-1234) Version 2.19 |
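Review bot: the NEWS entry added in the second hunk (@@ -68,6 +68,10 @@) says glob overflowed when it "encountered a long file name" but does not say where such a name comes from or what counts as long. With GLOB_ALTDIRFUNC the directory entries are returned by the caller-supplied directory functions, and the commit message identifies the copied d_name field of struct dirent as the object involved, so I would suggest wording along the lines of "a file name longer than the d_name field of struct dirent, returned by the application's directory functions". That lets a reader decide from NEWS alone whether their use of glob is exposed, which the current text leaves to the bug report.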