List: glibc-cvs
Subject: GNU C Library master sources branch release/2.26/master updated. glibc-2.26-160-g4df8479
From: fw () sourceware ! org
Date: 2018-05-24 14:27:50
Message-ID: 20180524142750.74266.qmail () sourceware ! org
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.26/master has been updated
via 4df8479e6b3baf365bd4eedbba922b73471e5d73 (commit)
from a5bc5ec96765ab7cf681449f194abf4aa5620423 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4df8479e6b3baf365bd4eedbba922b73471e5d73
commit 4df8479e6b3baf365bd4eedbba922b73471e5d73
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu May 24 16:27:38 2018 +0200
Add NEWS entry for CVE-2018-11236
diff --git a/NEWS b/NEWS
index 27548fd..c6c5538 100644
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,10 @@ Security related changes:
the value of SIZE_MAX, would return a pointer to a buffer which is too
small, instead of NULL.
+ CVE-2018-11236: Very long pathname arguments to realpath function could
+ result in an integer overflow and buffer overflow. Reported by Alexey
+ Izbyshev.
+
CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.
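Review bot: The added CVE-2018-11236 entry reads "arguments to realpath function", which is missing the article; "to the realpath function" would match the phrasing of the neighbouring CVE-2018-11237 entry ("The mempcpy implementation ..."). "Very long" is also left unquantified, so a reader of NEWS cannot tell from this entry alone which callers are exposed; if the triggering length or the affected configurations are known, a short qualifier here would help people triaging the release branch.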
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources