From patchwork Wed Dec  6 06:41:59 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Florian Weimer <fweimer@redhat.com>
X-Patchwork-Id: 24754
Received: (qmail 130710 invoked by alias); 6 Dec 2017 06:42:04 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 130597 invoked by uid 89); 6 Dec 2017 06:42:03 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-26.4 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_NUMSUBJECT,
	SPF_HELO_PASS,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=11647,
	arjun
X-HELO: mx1.redhat.com
To: GNU C Library <libc-alpha@sourceware.org>
From: Florian Weimer <fweimer@redhat.com>
Subject: [PATCH COMMITTED] Add references to CVE-2017-17426
Message-ID: <c80898c0-7c7f-0784-931b-7cf097f4c4a5@redhat.com>
Date: Wed, 6 Dec 2017 07:41:59 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.4.0
MIME-Version: 1.0

MITRE assigned a CVE ID.

Thanks,
Florian

commit 37ac8e635a29810318f6d79902102e2e96b2b5bf
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Dec 6 07:39:25 2017 +0100

    Add references to CVE-2017-17426

diff --git a/ChangeLog b/ChangeLog
index ab41d9d947..6b752ac3de 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1164,6 +1164,7 @@
 2017-11-30  Arjun Shankar  <arjun@redhat.com>
 
 	[BZ #22375]
+	CVE-2017-17426
 	* malloc/malloc.c (__libc_malloc): Use checked_request2size
 	instead of request2size.
 
diff --git a/NEWS b/NEWS
index dc5fe32cf8..faa60abe30 100644
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,11 @@ Security related changes:
   without GLOB_NOESCAPE, could write past the end of a buffer while
   unescaping user names.  Reported by Tim Rühsen.
 
+  CVE-2017-17426: The malloc function, when called with an object size near
+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
+  instead of NULL.  This was a regression introduced with the new malloc
+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by