From fc58942b399b240b939e160e164ce95da3cefd10 Mon Sep 17 00:00:00 2001 From: Tulio Magno Quites Machado Filho <tuliom@linux.vnet.ibm.com> Date: Fri, 1 Apr 2016 15:58:16 -0300 Subject: [PATCH 52/65] NEWS: update from previous commit --- NEWS | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index a3dd3c7..8aa1206 100644 --- a/NEWS +++ b/NEWS @@ -25,7 +25,12 @@ Version 2.22.1 17905, 18420, 18421, 18480, 18589, 18743, 18778, 18781, 18787, 18796, 18870, 18887, 18921, 18928, 18969, 18985, 19003, 19018, 19058, 19174, - 19178, 19590, 19682, 19791, 19822. + 19178, 19590, 19682, 19791, 19822, 19879. + +* The getnetbyname implementation in nss_dns had a potentially unbounded + alloca call (in the form of a call to strdupa), leading to a stack + overflow (stack exhaustion) and a crash if getnetbyname is invoked + on a very long name. (CVE-2016-3075) * The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. -- 2.7.4
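Review bot: The new CVE-2016-3075 entry in the NEWS hunk is not tied to a bug number. The same hunk appends 19879 to the fixed-bug list, but nothing links it to the getnetbyname entry, so a reader has to infer the connection. If 19879 is the matching report, cite it next to the CVE id at the end of the entry. The entry also describes the defect only in the past tense ("had a potentially unbounded alloca call") and never says what callers can rely on now, whereas the LD_POINTER_GUARD entry just below states the new behaviour ("It is always enabled"). A short clause saying how a very long name is handled after the fix would close that gap. Finally, the subject "NEWS: update from previous commit" names neither the CVE nor getnetbyname, which makes this change hard to locate in the log of a 65-patch series; naming the CVE in the subject would help.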