NEWS update for CVE-2016-5417
Commit Message
CVE-2016-5417 was assigned to bug 19257.
Thanks,
Florian
Comments
LGTM for 2.24.
On 29/07/2016 18:36, Florian Weimer wrote:
> CVE-2016-5417 was assigned to bug 19257.
>
> Thanks,
> Florian
commit fab382315ad3be7c773aaf7ca49c053cf91755fe
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jul 29 17:34:17 2016 -0400
CVE-2016-5417 was assigned to bug 19257
@@ -66,6 +66,11 @@ Security related changes:
flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez'
alloca plugin for GCC. (CVE-2016-4429)
+* The IPv6 name server management code in libresolv could result in a memory
+ leak for each thread which is created, performs a failing naming lookup,
+ and exits. Over time, this could result in a denial of service due to
+ memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417)
+
The following bugs are resolved with this release:
[The release manager will add the list generated by