aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@sourceware.org>2017-08-02 08:07:16 +0530
committerSiddhesh Poyarekar <siddhesh@sourceware.org>2017-08-02 08:07:16 +0530
commite1113af30df05da38449d5a5ca3ca4decca451f9 (patch)
tree56d0cb9e006cc146da16b1736462e1eafb73f675
parent930324b356778b985d26f30fd0386163852a35fe (diff)
downloadglibc-e1113af30df05da38449d5a5ca3ca4decca451f9.tar
glibc-e1113af30df05da38449d5a5ca3ca4decca451f9.tar.gz
glibc-e1113af30df05da38449d5a5ca3ca4decca451f9.tar.bz2
glibc-e1113af30df05da38449d5a5ca3ca4decca451f9.zip
Update NEWS
-rw-r--r--ChangeLog4
-rw-r--r--NEWS12
2 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5a90364f90..a8539a3705 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-08-01 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ * NEWS: Update security-related changes.
+
2017-07-30 Siddhesh Poyarekar <siddhesh@sourceware.org>
* po/be.po: Update translations.
diff --git a/NEWS b/NEWS
index ab0fb545f8..bd48d18158 100644
--- a/NEWS
+++ b/NEWS
@@ -194,7 +194,17 @@ Changes to build and runtime requirements:
Security related changes:
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
- to avoid fragmentation-based spoofing attacks.
+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
+
+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
+
+* Avoid printing a backtrace from the __stack_chk_fail function since it is
+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
+ (CVE-2010-3192).
+
+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+ fixed (CVE-2017-12133).
The following bugs are resolved with this release: