diff options
author | Florian Weimer <fweimer@redhat.com> | 2019-11-22 13:45:03 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2019-11-22 13:45:03 +0100 |
commit | 5422ac2d08dec91d4eb61d20b5e4b121500a4b88 (patch) | |
tree | 7fbcae9f02a5c22521b1c59667f7cca2ae899886 /NEWS | |
parent | 2626b15e88e00b5e9c8cc3962cf4768a5344f07a (diff) | |
download | glibc-5422ac2d08dec91d4eb61d20b5e4b121500a4b88.zip glibc-5422ac2d08dec91d4eb61d20b5e4b121500a4b88.tar.gz glibc-5422ac2d08dec91d4eb61d20b5e4b121500a4b88.tar.bz2 |
Update NEWS for CVE-2019-19126
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -51,6 +51,12 @@ Security related changes: via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read. Reported by Hongxu Chen. + CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC + environment variable during program execution after a security + transition, allowing local attackers to restrict the possible mapping + addresses for loaded libraries and thus bypass ASLR for a setuid + program. Reported by Marcin KoĆcielnicki. + Version 2.29 |