This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.22-724-g6400ae6

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 18 Feb 2016 14:17:54 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.22-724-g6400ae6

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  6400ae6ecf6376af230d3ec82a8541848d3239e9 (commit)
      from  a5df3210a641c175138052037fcdad34298bfa4d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6400ae6ecf6376af230d3ec82a8541848d3239e9

commit 6400ae6ecf6376af230d3ec82a8541848d3239e9
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 18 15:10:11 2016 +0100

    NEWS: List additional fixed security bugs

diff --git a/NEWS b/NEWS
index f80ce9c..e5a6da1 100644
--- a/NEWS
+++ b/NEWS
@@ -47,9 +47,6 @@ Version 2.23
   tzselect).  This is useful for people who build the timezone data and code
   independent of the GNU C Library.
 
-* The LD_POINTER_GUARD environment variable can no longer be used to
-  disable the pointer guard feature.  It is always enabled.
-
 * The obsolete header <regexp.h> has been removed.  Programs that require
   this header must be updated to use <regex.h> instead.
 
@@ -75,9 +72,24 @@ Version 2.23
 
 Security related changes:
 
+* An out-of-bounds value in a broken-out struct tm argument to strftime no
+  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)
+
+* The LD_POINTER_GUARD environment variable can no longer be used to disable
+  the pointer guard feature.  It is always enabled.  Previously,
+  LD_POINTER_GUARD could be used to disable security hardening in binaries
+  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
+  (CVE-2015-8777)
+
+* An integer overflow in hcreate and hcreate_r could lead to an
+  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)
+
+* The catopen function no longer has unbounded stack usage.  Reported by
+  Max.  (CVE-2015-8779)
+
 * The nan, nanf and nanl functions no longer have unbounded stack usage
   depending on the length of the string passed as an argument to the
-  functions.  Reported by Joseph Myers.
+  functions.  Reported by Joseph Myers.  (CVE-2014-9761)
 
 * A stack-based buffer overflow was found in libresolv when invoked from
   libnss_dns, allowing specially crafted DNS responses to seize control

-----------------------------------------------------------------------

Summary of changes:
 NEWS |   20 ++++++++++++++++----
 1 files changed, 16 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]