aboutsummaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS14
1 files changed, 14 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 93c09be..f80ce9c 100644
--- a/NEWS
+++ b/NEWS
@@ -79,6 +79,20 @@ Security related changes:
depending on the length of the string passed as an argument to the
functions. Reported by Joseph Myers.
+* A stack-based buffer overflow was found in libresolv when invoked from
+ libnss_dns, allowing specially crafted DNS responses to seize control
+ of execution flow in the DNS client. The buffer overflow occurs in
+ the functions send_dg (send datagram) and send_vc (send TCP) for the
+ NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
+ family. The use of AF_UNSPEC triggers the low-level resolver code to
+ send out two parallel queries for A and AAAA. A mismanagement of the
+ buffers used for those queries could result in the response of a query
+ writing beyond the alloca allocated buffer created by
+ _nss_dns_gethostbyname4_r. Buffer management is simplified to remove
+ the overflow. Thanks to the Google Security Team and Red Hat for
+ reporting the security impact of this issue, and Robert Holiday of
+ Ciena for reporting the related bug 18665. (CVE-2015-7547)
+
* The following bugs are resolved with this release:
[The release manager will add the list generated by