diff options
| -rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -27,6 +27,10 @@ Version 2.24 Security related changes: +* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It + could result in a stack overflow when getnetbyname was called with an + overly long name. (CVE-2016-3075) + * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation |