diff options
author | Florian Weimer <fweimer@redhat.com> | 2014-09-03 19:45:43 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2014-09-03 19:46:42 +0200 |
commit | 41488498b6d9440ee66ab033808cce8323bba7ac (patch) | |
tree | c71261df9fe5e8fbd7193181e7a1ca8160cfa6bb /NEWS | |
parent | a78b712d405b55405b425e9b1453745615483003 (diff) | |
download | glibc-41488498b6d9440ee66ab033808cce8323bba7ac.zip glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.gz glibc-41488498b6d9440ee66ab033808cce8323bba7ac.tar.bz2 |
CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
These changes are based on the fix for BZ #14134 in commit
6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -23,7 +23,7 @@ Version 2.20 16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153, - 17187, 17213, 17259, 17261, 17262, 17263, 17319. + 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325. * Reverted change of ABI data structures for s390 and s390x: On s390 and s390x the size of struct ucontext and jmp_buf was increased in @@ -115,6 +115,11 @@ Version 2.20 normal gconv conversion modules are still supported. Transliteration with //TRANSLIT is still possible, and the //IGNORE specifier continues to be supported. (CVE-2014-5119) + +* Decoding a crafted input sequence in the character sets IBM933, IBM935, + IBM937, IBM939, IBM1364 could result in an out-of-bounds array read, + resulting a denial-of-service security vulnerability in applications which + use functions related to iconv. (CVE-2014-6040) Version 2.19 |