-rw-r--r-- ChangeLog 2
-rw-r--r-- NEWS 6
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 7188d1ec46..e308ee9fc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
2017-08-16 Andreas Schwab <schwab@suse.de>
+ [BZ #16750]
+ CVE-2009-5064
* elf/ldd.bash.in: Never run file directly.
2017-08-15 H.J. Lu <hongjiu.lu@intel.com>
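Review bot: The two added lines attach [BZ #16750] and CVE-2009-5064 to the existing 2017-08-16 entry for elf/ldd.bash.in, but this commit touches only ChangeLog and NEWS, so anyone who searches the history for the CVE id lands on a commit that does not contain the ldd change. Consider naming the commit that changed elf/ldd.bash.in in this commit's message so the identifier can be traced to the code change.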
diff --git a/NEWS b/NEWS
index 484c467569..0008df16c0 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
Security related changes:
- [Add security related changes here]
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
The following bugs are resolved with this release:
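Review bot: In the added parenthetical, "only trusted binaries must be examined using the ldd script" can be read as a requirement to examine trusted binaries; something like "the ldd script must only be used to examine trusted binaries" states the restriction unambiguously. The entry also describes only the old behaviour ("would sometimes run the program under examination directly") and never says what ldd does now; a closing sentence matching the ChangeLog line "Never run file directly" would tell readers what changed in this release.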