Update NEWS

Siddhesh Poyarekar 2017-08-02 08:07:16 +05:30
parent 930324b356
commit e1113af30d
2 changed files with 15 additions and 1 deletions

@ -1,3 +1,7 @@
2017-08-01 Siddhesh Poyarekar <siddhesh@sourceware.org>
* NEWS: Update security-related changes.
2017-07-30 Siddhesh Poyarekar <siddhesh@sourceware.org>
* po/be.po: Update translations.
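Review bot: The new ChangeLog entry "* NEWS: Update security-related changes." does not say what was added, although the NEWS hunk in this commit introduces four CVE identifiers (CVE-2017-12132, CVE-2017-1000366, CVE-2010-3192, CVE-2017-12133). Naming them in the entry, for example "* NEWS: Add CVE entries for ...", would let someone searching the ChangeLog for a CVE number find this commit.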

12
NEWS

@ -194,7 +194,17 @@ Changes to build and runtime requirements:
Security related changes:
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
to avoid fragmentation-based spoofing attacks.
to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
mode to guard against local privilege escalation attacks (CVE-2017-1000366).
* Avoid printing a backtrace from the __stack_chk_fail function since it is
called on a corrupt stack and a backtrace is unreliable on a corrupt stack
(CVE-2010-3192).
* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
fixed (CVE-2017-12133).
The following bugs are resolved with this release:
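Review bot: The `__stack_chk_fail` bullet (CVE-2010-3192) is worded as an imperative ("Avoid printing a backtrace ...") while the other three bullets state what changed in the release, and it says "on a corrupt stack" twice in one sentence. Suggest rewording it to match, for example "The __stack_chk_fail function no longer prints a backtrace, since it is called on a corrupt stack where a backtrace is unreliable (CVE-2010-3192)." A smaller point on the last bullet: the clntudp_call entry names the bug class but not the effect on callers, whereas the resolver and LD_LIBRARY_PATH bullets each state what the change protects against; a short clause on the impact would keep the four entries consistent.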