mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-22 04:50:07 +00:00
Update NEWS
This commit is contained in:
parent
930324b356
commit
e1113af30d
@ -1,3 +1,7 @@
|
|||||||
|
2017-08-01 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
|
||||||
|
* NEWS: Update security-related changes.
|
||||||
|
|
||||||
2017-07-30 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
2017-07-30 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
|
||||||
* po/be.po: Update translations.
|
* po/be.po: Update translations.
|
||||||
|
12
NEWS
12
NEWS
@ -194,7 +194,17 @@ Changes to build and runtime requirements:
|
|||||||
Security related changes:
|
Security related changes:
|
||||||
|
|
||||||
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
|
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
|
||||||
to avoid fragmentation-based spoofing attacks.
|
to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
|
||||||
|
|
||||||
|
* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
|
||||||
|
mode to guard against local privilege escalation attacks (CVE-2017-1000366).
|
||||||
|
|
||||||
|
* Avoid printing a backtrace from the __stack_chk_fail function since it is
|
||||||
|
called on a corrupt stack and a backtrace is unreliable on a corrupt stack
|
||||||
|
(CVE-2010-3192).
|
||||||
|
|
||||||
|
* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
|
||||||
|
fixed (CVE-2017-12133).
|
||||||
|
|
||||||
The following bugs are resolved with this release:
|
The following bugs are resolved with this release:
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user