GLIBC 2.23 tagging and release
Commit Message
On 02/18/2016 02:49 PM, Adhemerval Zanella wrote:
>
>
> On 18-02-2016 11:27, Joseph Myers wrote:
>> On Thu, 18 Feb 2016, Adhemerval Zanella wrote:
>>
>>> Hi all,
>>>
>>> As we discussed yesterday [1] the *only* impeding fix for 2.23 release is
>>> the ABI for AArch64 string inlines. The patch is already posted [2] and
>>
>> Florian's NEWS patch for security issues is also required and is duly
>> listed under release blockers on the wiki page.
>
> Indeed. Florian, could you please update the NEWS patch?
Sure, I've committed the attached patch.
Florian
From 6400ae6ecf6376af230d3ec82a8541848d3239e9 Mon Sep 17 00:00:00 2001
Message-Id: <6400ae6ecf6376af230d3ec82a8541848d3239e9.1455805054.git.fweimer@redhat.com>
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 18 Feb 2016 15:10:11 +0100
Subject: [PATCH] NEWS: List additional fixed security bugs
To: libc-alpha@sourceware.org
---
NEWS | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
@@ -47,9 +47,6 @@ Version 2.23
tzselect). This is useful for people who build the timezone data and code
independent of the GNU C Library.
-* The LD_POINTER_GUARD environment variable can no longer be used to
- disable the pointer guard feature. It is always enabled.
-
* The obsolete header <regexp.h> has been removed. Programs that require
this header must be updated to use <regex.h> instead.
@@ -75,9 +72,24 @@ Version 2.23
Security related changes:
+* An out-of-bounds value in a broken-out struct tm argument to strftime no
+ longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776)
+
+* The LD_POINTER_GUARD environment variable can no longer be used to disable
+ the pointer guard feature. It is always enabled. Previously,
+ LD_POINTER_GUARD could be used to disable security hardening in binaries
+ running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert.
+ (CVE-2015-8777)
+
+* An integer overflow in hcreate and hcreate_r could lead to an
+ out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778)
+
+* The catopen function no longer has unbounded stack usage. Reported by
+ Max. (CVE-2015-8779)
+
* The nan, nanf and nanl functions no longer have unbounded stack usage
depending on the length of the string passed as an argument to the
- functions. Reported by Joseph Myers.
+ functions. Reported by Joseph Myers. (CVE-2014-9761)
* A stack-based buffer overflow was found in libresolv when invoked from
libnss_dns, allowing specially crafted DNS responses to seize control
--
2.4.3