Add references to CVE-2017-17426

Florian Weimer 2017-12-06 07:39:25 +01:00
parent 87235d7006
commit 37ac8e635a
2 changed files with 6 additions and 0 deletions

@ -1164,6 +1164,7 @@
2017-11-30 Arjun Shankar <arjun@redhat.com> 2017-11-30 Arjun Shankar <arjun@redhat.com>
[BZ #22375] [BZ #22375]
CVE-2017-17426
* malloc/malloc.c (__libc_malloc): Use checked_request2size * malloc/malloc.c (__libc_malloc): Use checked_request2size
instead of request2size. instead of request2size.
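Review bot: The added CVE-2017-17426 line in the 2017-11-30 entry should carry the same leading tab as the [BZ #22375] line directly above it; the whitespace is not visible in this rendering, so check it in the raw patch. Placing the id between the bug reference and the malloc/malloc.c item is fine, since a search for the CVE then lands on the __libc_malloc change that switched to checked_request2size.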

5
NEWS

@ -112,6 +112,11 @@ Security related changes:
without GLOB_NOESCAPE, could write past the end of a buffer while without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen. unescaping user names. Reported by Tim Rühsen.
CVE-2017-17426: The malloc function, when called with an object size near
the value SIZE_MAX, would return a pointer to a buffer which is too small,
instead of NULL. This was a regression introduced with the new malloc
thread cache in glibc 2.26. Reported by Iain Buclaw.
The following bugs are resolved with this release: The following bugs are resolved with this release:
[The release manager will add the list generated by [The release manager will add the list generated by
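Review bot: The new CVE-2017-17426 entry ends at "would return a pointer to a buffer which is too small, instead of NULL" and never states the consequence for callers, whereas the glob entry just above it says the function "could write past the end of a buffer". Consider adding a clause that a caller which trusts the non-NULL result and writes the requested size will write past the end of the heap buffer. "near the value SIZE_MAX" is also imprecise; since the ChangeLog hunk attributes the fix to using checked_request2size in __libc_malloc, the entry could say that the request size computation was not checked for overflow, which lets readers judge whether their allocation sizes can reach the affected range.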