diff options
author | Florian Weimer <fweimer@redhat.com> | 2016-05-04 12:09:35 +0200 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-05-04 12:09:35 +0200 |
commit | 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (patch) | |
tree | 3d23357f6313d2d00017bf641fd61a3dc9459105 /NEWS | |
parent | 2faba597eca15666ce46cc721041747e96c8b942 (diff) | |
download | glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.gz glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.bz2 glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.zip |
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -44,6 +44,10 @@ Security related changes: resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706) +* The glob function suffered from a stack-based buffer overflow when it was + called with the GLOB_ALTDIRFUNC flag and encountered a long file name. + Reported by Alexander Cherepanov. (CVE-2016-1234) + The following bugs are resolved with this release: [The release manager will add the list generated by |