aboutsummaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2016-05-04 12:09:35 +0200
committerFlorian Weimer <fweimer@redhat.com>2016-05-04 12:09:35 +0200
commit5171f3079f2cc53e0548fc4967361f4d1ce9d7ea (patch)
tree3d23357f6313d2d00017bf641fd61a3dc9459105 /NEWS
parent2faba597eca15666ce46cc721041747e96c8b942 (diff)
downloadglibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar
glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.gz
glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.tar.bz2
glibc-5171f3079f2cc53e0548fc4967361f4d1ce9d7ea.zip
CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ #19779]
Instead, we store the data we need from the return value of readdir in an object of the new type struct readdir_result. This type is independent of the layout of struct dirent.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS4
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 1e12173dba..b3fd3cc2ec 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,10 @@ Security related changes:
resulting in a stack overflow. getaddrinfo now uses a heap allocation
instead. Reported by Michael Petlan. (CVE-2016-3706)
+* The glob function suffered from a stack-based buffer overflow when it was
+ called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
+ Reported by Alexander Cherepanov. (CVE-2016-1234)
+
The following bugs are resolved with this release:
[The release manager will add the list generated by