aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-12-06 07:39:25 +0100
committerFlorian Weimer <fweimer@redhat.com>2017-12-06 07:40:42 +0100
commit37ac8e635a29810318f6d79902102e2e96b2b5bf (patch)
treee9dc4ee94b88e8d0c64961a91c8e4a4def8bb774
parent87235d7006afcb681ff7422bae346da7dcd995d7 (diff)
downloadglibc-37ac8e635a29810318f6d79902102e2e96b2b5bf.zip
glibc-37ac8e635a29810318f6d79902102e2e96b2b5bf.tar.gz
glibc-37ac8e635a29810318f6d79902102e2e96b2b5bf.tar.bz2
Add references to CVE-2017-17426
-rw-r--r--ChangeLog1
-rw-r--r--NEWS5
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ab41d9d..6b752ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1164,6 +1164,7 @@
2017-11-30 Arjun Shankar <arjun@redhat.com>
[BZ #22375]
+ CVE-2017-17426
* malloc/malloc.c (__libc_malloc): Use checked_request2size
instead of request2size.
diff --git a/NEWS b/NEWS
index dc5fe32..faa60ab 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,11 @@ Security related changes:
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
+ CVE-2017-17426: The malloc function, when called with an object size near
+ the value SIZE_MAX, would return a pointer to a buffer which is too small,
+ instead of NULL. This was a regression introduced with the new malloc
+ thread cache in glibc 2.26. Reported by Iain Buclaw.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by