From patchwork Fri Jul 29 21:36:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 654204 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3s1MVk52lZz9t1v for ; Sat, 30 Jul 2016 07:36:30 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b=k3LerLW5; dkim-atps=neutral DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type; q=dns; s=default; b=McBcIf/y1MsLENIJrY6vCnu8XUNIR eU/bbJcHkg8zZ1AvlaWIOER2LsgwC7g8QujLz/P/l2v4i1YzalIBkNpiL8eQPYPy IpF26C1IgglPdkByJ/LHQ8LaW+RUtPfGdbdjpJ7BBvE24nWcwaklqaUp9DCI7fzK NYgjxqcOHiDaXA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type; s=default; bh=iJySTYtHILn+XnkiGmHj3EqGkx4=; b=k3L erLW5h2AkJ4AzubkyIJscU4vdnCEkGw9aJogZlGny8AHLqIABobYWeirDruwnoVL VXAW+EdVpgJcKyTojwq87C3IhlsnXuTvcvu7A3L62/ssdJsUvrvI3qgvU1bcMBFv g1lkI7gf5tUewGU4XxvpRAdsePQ3mh+lw7e6pF3o= Received: (qmail 17694 invoked by alias); 29 Jul 2016 21:36:24 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 17653 invoked by uid 89); 29 Jul 2016 21:36:23 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.2 required=5.0 tests=BAYES_00, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=Reported, management, news X-HELO: mx1.redhat.com To: GNU C Library , Adhemerval Zanella From: Florian Weimer Subject: NEWS update for CVE-2016-5417 Message-ID: Date: Fri, 29 Jul 2016 17:36:15 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 CVE-2016-5417 was assigned to bug 19257. Thanks, Florian commit fab382315ad3be7c773aaf7ca49c053cf91755fe Author: Florian Weimer Date: Fri Jul 29 17:34:17 2016 -0400 CVE-2016-5417 was assigned to bug 19257 diff --git a/NEWS b/NEWS index e2737d5..680f792 100644 --- a/NEWS +++ b/NEWS @@ -66,6 +66,11 @@ Security related changes: flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429) +* The IPv6 name server management code in libresolv could result in a memory + leak for each thread which is created, performs a failing naming lookup, + and exits. Over time, this could result in a denial of service due to + memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) + The following bugs are resolved with this release: [The release manager will add the list generated by