From patchwork Wed Jan 20 21:49:44 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 570916 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 5266A1402BF for ; Thu, 21 Jan 2016 08:50:03 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b=JMBx0hfc; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type; q=dns; s=default; b=ANWVxqPw/dnhjs6O2Ox21En7i+eXt MOFa1P01jJoAQUVYKLbDRiaV0UBKn3WvCxZqEqXXA9BKWaHOtVjM7mSPP3MDAKew U2yNiBVhU1wpLPbK7iuc0p5E1N931MWTj2nfWKnb02sRHSYgOMGBeX0CtBLhp2LT oggEcWxf7nqYIw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type; s=default; bh=pYm2G0FdgIpMivDQCh668gj4jC0=; b=JMB x0hfcezFiSofjR3cEIBAnksjbZ37yFl7sK6HVmCOHAQDK0YwxWQTih38z4srxOfF VDaJr/w3wHUnCHOuOMNXwVTp/SRBAda1QfjR3JLSJGkn+4RZ8PLKeAlwRG990C6d 2GS8IO8DMspjrI35BzxJ515e3Aiot7Y86MSWhgZE= Received: (qmail 124905 invoked by alias); 20 Jan 2016 21:49:49 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 124786 invoked by uid 89); 20 Jan 2016 21:49:49 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=479, adam, 75, 9, Previously X-HELO: mx1.redhat.com To: GNU C Library , Adhemerval Zanella From: Florian Weimer Subject: [PATCH] Add security bugs to NEWS Message-ID: <56A000F8.4030507@redhat.com> Date: Wed, 20 Jan 2016 22:49:44 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 This patch adds the recent CVE assignments to the NEWS file. Florian diff --git a/NEWS b/NEWS index 93c09be..9158bfe 100644 --- a/NEWS +++ b/NEWS @@ -47,9 +47,6 @@ Version 2.23 tzselect). This is useful for people who build the timezone data and code independent of the GNU C Library. -* The LD_POINTER_GUARD environment variable can no longer be used to - disable the pointer guard feature. It is always enabled. - * The obsolete header has been removed. Programs that require this header must be updated to use instead. @@ -75,9 +72,24 @@ Version 2.23 Security related changes: +* An out-of-bounds value in a broken-out struct tm argument to strftime no + longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776) + +* The LD_POINTER_GUARD environment variable can no longer be used to disable + the pointer guard feature. It is always enabled. Previously, + LD_POINTER_GUARD could be used to disable security hardening in binaries + running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. + (CVE-2015-8777) + +* An integer overflow in hcreate and hcreate_r could lead to an + out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778) + +* The catopen function no longer has unbounded stack usage. Reported by + Max. (CVE-2015-8779) + * The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the - functions. Reported by Joseph Myers. + functions. Reported by Joseph Myers. (CVE-2014-9761) * The following bugs are resolved with this release: