NEWS update for CVE-2016-5417

Message ID f62d73d2-b294-0160-372c-7b3993bf73df@redhat.com
State Committed

Commit Message

Florian Weimer July 29, 2016, 9:36 p.m. UTC
  CVE-2016-5417 was assigned to bug 19257.

Thanks,
Florian
  

Comments

Adhemerval Zanella Aug. 1, 2016, 2:53 p.m. UTC | #1
LGTM for 2.24.

On 29/07/2016 18:36, Florian Weimer wrote:
> CVE-2016-5417 was assigned to bug 19257.
> 
> Thanks,
> Florian
  

Patch

commit fab382315ad3be7c773aaf7ca49c053cf91755fe
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Jul 29 17:34:17 2016 -0400

    CVE-2016-5417 was assigned to bug 19257

diff --git a/NEWS b/NEWS
index e2737d5..680f792 100644
--- a/NEWS
+++ b/NEWS
@@ -66,6 +66,11 @@  Security related changes:
   flooded with crafted ICMP and UDP messages.  Reported by Aldy Hernandez'
   alloca plugin for GCC.  (CVE-2016-4429)
 
+* The IPv6 name server management code in libresolv could result in a memory
+  leak for each thread which is created, performs a failing naming lookup,
+  and exits.  Over time, this could result in a denial of service due to
+  memory exhaustion.  Reported by Matthias Schiffer.  (CVE-2016-5417)
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
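Review bot: The second added line says "performs a failing naming lookup"; "name lookup" is the usual term, so I would write "performs a failing name lookup". The commit message ties the CVE to bug 19257, but the NEWS entry carries only the CVE id. The neighbouring CVE-2016-4429 entry also carries only the CVE id, so this matches the visible convention. If readers should be able to reach the fix from NEWS, the bug number could be added to the entry; otherwise no change is needed there.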