This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: GLIBC 2.23 tagging and release


On 02/18/2016 02:49 PM, Adhemerval Zanella wrote:
> 
> 
> On 18-02-2016 11:27, Joseph Myers wrote:
>> On Thu, 18 Feb 2016, Adhemerval Zanella wrote:
>>
>>> Hi all,
>>>
>>> As we discussed yesterday [1] the *only* impeding fix for 2.23 release is
>>> the ABI for AArch64 string inlines.  The patch is already posted [2] and
>>
>> Florian's NEWS patch for security issues is also required and is duly 
>> listed under release blockers on the wiki page.
> 
> Indeed. Florian, could you please update the NEWS patch?

Sure, I've committed the attached patch.

Florian
From 6400ae6ecf6376af230d3ec82a8541848d3239e9 Mon Sep 17 00:00:00 2001
Message-Id: <6400ae6ecf6376af230d3ec82a8541848d3239e9.1455805054.git.fweimer@redhat.com>
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 18 Feb 2016 15:10:11 +0100
Subject: [PATCH] NEWS: List additional fixed security bugs
To: libc-alpha@sourceware.org

---
 NEWS | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index f80ce9c..e5a6da1 100644
--- a/NEWS
+++ b/NEWS
@@ -47,9 +47,6 @@ Version 2.23
   tzselect).  This is useful for people who build the timezone data and code
   independent of the GNU C Library.
 
-* The LD_POINTER_GUARD environment variable can no longer be used to
-  disable the pointer guard feature.  It is always enabled.
-
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.
 
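Review bot: The LD_POINTER_GUARD item deleted here from the general 2.23 list reappears under "Security related changes" in the next hunk, so this is a move rather than a removal, but the commit message has only the subject "NEWS: List additional fixed security bugs" and no body. A one-line body saying that the LD_POINTER_GUARD entry moves to the security section, now with its CVE id, would make this deletion self-explanatory in the log.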
@@ -75,9 +72,24 @@ Version 2.23
 
 Security related changes:
 
+* An out-of-bounds value in a broken-out struct tm argument to strftime no
+  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)
+
+* The LD_POINTER_GUARD environment variable can no longer be used to disable
+  the pointer guard feature.  It is always enabled.  Previously,
+  LD_POINTER_GUARD could be used to disable security hardening in binaries
+  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
+  (CVE-2015-8777)
+
+* An integer overflow in hcreate and hcreate_r could lead to an
+  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)
+
+* The catopen function no longer has unbounded stack usage.  Reported by
+  Max.  (CVE-2015-8779)
+
 * The nan, nanf and nanl functions no longer have unbounded stack usage
   depending on the length of the string passed as an argument to the
-  functions.  Reported by Joseph Myers.
+  functions.  Reported by Joseph Myers.  (CVE-2014-9761)
 
 * A stack-based buffer overflow was found in libresolv when invoked from
   libnss_dns, allowing specially crafted DNS responses to seize control
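Review bot: The hcreate/hcreate_r entry is worded as a description of the bug ("could lead to an out-of-bounds memory access") and never states that it is fixed, unlike the strftime, catopen and nan entries around it, which all say "no longer"; reword it in the same form so a reader of NEWS can tell the issue is resolved in 2.23. The catopen entry also credits the reporter only as "Max", where every other entry in this hunk gives a full name; use the full name if the reporter is willing to be named that way.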
-- 
2.4.3

