diff options
author | Florian Weimer <fweimer@redhat.com> | 2015-04-24 17:34:47 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2015-04-24 17:34:48 +0200 |
commit | 42261ad731991df345880b0b509d83b0b9a9b9d8 (patch) | |
tree | 440bf43dca45a9002402ec602f0deaf3bfa6e3e3 /NEWS | |
parent | ed159672eb3cd650a32b7e5cb4d5ec1fe0e63802 (diff) | |
download | glibc-42261ad731991df345880b0b509d83b0b9a9b9d8.zip glibc-42261ad731991df345880b0b509d83b0b9a9b9d8.tar.gz glibc-42261ad731991df345880b0b509d83b0b9a9b9d8.tar.bz2 |
Make time zone file parser more robust [BZ #17715]
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -11,12 +11,12 @@ Version 2.22 4719, 6792, 13064, 14094, 14841, 14906, 15319, 15467, 15790, 15969, 16351, 16512, 16560, 16783, 16850, 17090, 17195, 17269, 17523, 17542, 17569, - 17588, 17596, 17620, 17621, 17628, 17631, 17711, 17776, 17779, 17792, - 17836, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, 17967, - 17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, 18029, - 18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, 18068, - 18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, 18197, - 18206, 18210, 18211, 18247, 18287. + 17588, 17596, 17620, 17621, 17628, 17631, 17711, 17715, 17776, 17779, + 17792, 17836, 17912, 17916, 17930, 17932, 17944, 17949, 17964, 17965, + 17967, 17969, 17978, 17987, 17991, 17996, 17998, 17999, 18019, 18020, + 18029, 18030, 18032, 18036, 18038, 18039, 18042, 18043, 18046, 18047, + 18068, 18080, 18093, 18100, 18104, 18110, 18111, 18128, 18138, 18185, + 18197, 18206, 18210, 18211, 18247, 18287. * Cache information can be queried via sysconf() function on s390 e.g. with _SC_LEVEL1_ICACHE_SIZE as argument. @@ -28,6 +28,12 @@ Version 2.22 potentially arbitrary code execution, using crafted, but syntactically valid DNS responses. (CVE-2015-1781) +* The time zone file parser has been made more robust against crafted time + zone files, avoiding heap buffer overflows related to the processing of + the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to + large time zone data files. Overly long time zone specifiers in the TZ + variable no longer result in stack overflows and crashes. + * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors for LD and GD on x86 and x86-64, has been implemented. You will need binutils-2.24 or later to enable this optimization. |