Add references to CVE-2017-17426

2024-11-21 12:30:06 +00:00 · 2017-12-06 07:39:25 +01:00 · 2017-12-06 07:39:25 +01:00 · 37ac8e635a
commit 37ac8e635a
parent 87235d7006
2 changed files with 6 additions and 0 deletions
--- a/1
+++ b/1
@ -1164,6 +1164,7 @@
 2017-11-30  Arjun Shankar  <arjun@redhat.com>

 	[BZ #22375]
+	CVE-2017-17426
 	* malloc/malloc.c (__libc_malloc): Use checked_request2size
 	instead of request2size.

--- a/5
+++ b/5
@ -112,6 +112,11 @@ Security related changes:
  without GLOB_NOESCAPE, could write past the end of a buffer while
  unescaping user names.  Reported by Tim Rühsen.

+  CVE-2017-17426: The malloc function, when called with an object size near
+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
+  instead of NULL.  This was a regression introduced with the new malloc
+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
+
 The following bugs are resolved with this release:

  [The release manager will add the list generated by