aboutsummaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2013-10-25 10:22:12 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2013-10-25 10:22:12 +0530
commit7cbcdb3699584db8913ca90f705d6337633ee10f (patch)
treea260a3b6afb62ce20602c0672b6ea040e4db2c8c /NEWS
parent894f3f1049135dcbeaab8f18690973663ef3147c (diff)
downloadglibc-7cbcdb3699584db8913ca90f705d6337633ee10f.tar
glibc-7cbcdb3699584db8913ca90f705d6337633ee10f.tar.gz
glibc-7cbcdb3699584db8913ca90f705d6337633ee10f.tar.bz2
glibc-7cbcdb3699584db8913ca90f705d6337633ee10f.zip
Fix stack overflow due to large AF_INET6 requests
Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then.
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS5
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 3358ac6c84..9199b90d13 100644
--- a/NEWS
+++ b/NEWS
@@ -15,7 +15,7 @@ Version 2.19
15734, 15735, 15736, 15748, 15749, 15754, 15760, 15764, 15797, 15825,
15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886, 15887,
15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921, 15923,
- 15939, 15948, 15963, 15966, 15988, 16032, 16034, 16036, 16041.
+ 15939, 15948, 15963, 15966, 15988, 16032, 16034, 16036, 16041, 16072.
* CVE-2012-4412 The strcoll implementation caches indices and rules for
large collation sequences to optimize multiple passes. This cache
@@ -44,6 +44,9 @@ Version 2.19
heap when passed very large allocation size values (Bugzilla #15855,
#15856, #15857).
+* CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
+ for AF_INET6 has been fixed (Bugzilla #16072).
+
* New locales: ak_GH, cmn_TW, hak_TW, lzh_TW, nan_TW, quz_PE, pap_AW, pap_CW,
ar_SS.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 15:49:54 +0000