Add NEWS entry for CVE-2016-6323

2024-11-21 12:30:06 +00:00 · 2016-08-16 11:15:09 +02:00 · 2016-08-16 11:15:09 +02:00 · 4d047efdbc
commit 4d047efdbc
parent fc86a87d78
2 changed files with 6 additions and 1 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@
 2016-08-15  Andreas Schwab  <schwab@suse.de>

 	[BZ #20435]
+	CVE-2016-6323
 	* sysdeps/unix/sysv/linux/arm/setcontext.S (__startcontext): Mark
 	as .cantunwind.

--- a/6
+++ b/6
@ -34,7 +34,11 @@ Version 2.25

 Security related changes:

-  [Add security related changes here]
+  On ARM EABI (32-bit), generating a backtrace for execution contexts which
+  have been created with makecontext could fail to terminate due to a
+  missing .cantunwind annotation.  This has been observed to lead to a hang
+  (denial of service) in some Go applications compiled with gccgo.  Reported
+  by Andreas Schwab.

 The following bugs are resolved with this release: