aboutsummaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
committerCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
commitc61b4d41c9647a54a329aa021341c0eb032b793e (patch)
treec4a665c232a7d37786a6f3b5e3f56d0ae11480e8 /NEWS
parent58a96064d193317236b740998e134b652d3d62ad (diff)
downloadglibc-c61b4d41c9647a54a329aa021341c0eb032b793e.zip
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.gz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.bz2
BZ #15754: CVE-2013-4788
The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS12
1 files changed, 9 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index b52b52e..62c58b2 100644
--- a/NEWS
+++ b/NEWS
@@ -10,9 +10,15 @@ Version 2.19
* The following bugs are resolved with this release:
13985, 14155, 14699, 15427, 15522, 15531, 15532, 15640, 15736, 15748,
- 15749, 15797, 15844, 15849, 15855, 15856, 15857, 15859, 15867, 15886,
- 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921,
- 15923, 15939, 15963, 15966.
+ 15749, 15754, 15797, 15844, 15849, 15855, 15856, 15857, 15859, 15867,
+ 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919,
+ 15921, 15923, 15939, 15963, 15966.
+
+* CVE-2013-4788 The pointer guard used for pointer mangling was not
+ initialized for static applications resulting in the security feature
+ being disabled. The pointer guard is now correctly initialized to a
+ random value for static applications. Existing static applications need
+ to be recompiled to take advantage of the fix (bug 15754).
* CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes
to the d_name member of struct dirent, or omit the terminating NUL