author | Florian Weimer <fweimer@redhat.com> | 2018-05-24 15:50:29 +0200 |
---|---|---|
committer | Fangrui Song <i@maskray.me> | 2021-08-27 16:22:13 -0700 |
commit | 121dc10a6d58a3488aa03233a8c3c9db067525aa (patch) | |
tree | 3539b85e37328219b2787ab880b5d171d78b40d1 /NEWS | |
parent | 537386b1c93f21c297907e99a5ba7c583b5f5006 (diff) | |
NEWS: Move security-related changes before bug list
This matches the practice for previous releases.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -13,6 +13,19 @@ Major new features: Czech languages. The Catalan and Greek languages now support abbreviated alternative month names. +Security related changes: + + CVE-2017-18269: An SSE2-based memmove implementation for the i386 + architecture could corrupt memory. Reported by Max Horn. + + CVE-2018-11236: Very long pathname arguments to realpath function could + result in an integer overflow and buffer overflow. Reported by Alexey + Izbyshev. + + CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi + architecture could write beyond the target buffer, resulting in a buffer + overflow. Reported by Andreas Schwab. + The following bugs are resolved with this release: [6889] 'PWD' mentioned but not specified @@ -50,19 +63,6 @@ The following bugs are resolved with this release: [23166] sunrpc: Remove stray exports without --enable-obsolete-rpc [23196] __mempcpy_avx512_no_vzeroupper mishandles large copies -Security related changes: - - CVE-2017-18269: An SSE2-based memmove implementation for the i386 - architecture could corrupt memory. Reported by Max Horn. - - CVE-2018-11236: Very long pathname arguments to realpath function could - result in an integer overflow and buffer overflow. Reported by Alexey - Izbyshev. - - CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi - architecture could write beyond the target buffer, resulting in a buffer - overflow. Reported by Andreas Schwab. - Version 2.27 |
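Review bot: In the first hunk, the relocated CVE entries carry no bug numbers, so a reader cannot map them to the "The following bugs are resolved with this release:" list that now follows directly after them. For example, the context line "[23196] __mempcpy_avx512_no_vzeroupper mishandles large copies" in the second hunk looks like the counterpart of CVE-2018-11237, but nothing in the entry says so. Since the block is being moved anyway, consider adding the matching bug reference to each CVE entry, here or in a follow-up. A smaller wording point in the same hunk: "arguments to realpath function" in the CVE-2018-11236 entry reads better as "arguments to the realpath function". The second hunk removes the same thirteen lines unchanged, so the move itself loses no text.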