Add references to CVE-2018-11236, CVE-2017-18269

author: Florian Weimer <fweimer@redhat.com> 2018-05-24 14:41:57 +0200
committer: Fangrui Song <i@maskray.me> 2021-08-27 16:22:13 -0700
commit: 537386b1c93f21c297907e99a5ba7c583b5f5006 (patch)
tree: df7c912282a87ddcf3345ba216bba933bc11e08b /NEWS
parent: 3eb848f53564dc1c7a5271031fd16cc312db2125 (diff)
download: glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.zip
glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.tar.gz
glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index ee08fc3..28535db 100644
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,13 @@ The following bugs are resolved with this release:
 
 Security related changes:
 
+  CVE-2017-18269: An SSE2-based memmove implementation for the i386
+  architecture could corrupt memory.  Reported by Max Horn.
+
+  CVE-2018-11236: Very long pathname arguments to realpath function could
+  result in an integer overflow and buffer overflow.  Reported by Alexey
+  Izbyshev.
+
   CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
   architecture could write beyond the target buffer, resulting in a buffer
   overflow.  Reported by Andreas Schwab.
author	Florian Weimer <fweimer@redhat.com>	2018-05-24 14:41:57 +0200
committer	Fangrui Song <i@maskray.me>	2021-08-27 16:22:13 -0700
commit	537386b1c93f21c297907e99a5ba7c583b5f5006 (patch)
tree	df7c912282a87ddcf3345ba216bba933bc11e08b /NEWS
parent	3eb848f53564dc1c7a5271031fd16cc312db2125 (diff)
download	glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.zip glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.tar.gz glibc-537386b1c93f21c297907e99a5ba7c583b5f5006.tar.bz2