NEWS entry for CVE-2016-3075

Florian Weimer 2016-04-29 10:47:40 +02:00
parent 4ab2ab03d4
commit f5b3338d70

NEWS

@ -27,6 +27,10 @@ Version 2.24
Security related changes: Security related changes:
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
could result in a stack overflow when getnetbyname was called with an
overly long name. (CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the stack, * Previously, getaddrinfo copied large amounts of address data to the stack,
even after the fix for CVE-2013-4458 has been applied, potentially even after the fix for CVE-2013-4458 has been applied, potentially
resulting in a stack overflow. getaddrinfo now uses a heap allocation resulting in a stack overflow. getaddrinfo now uses a heap allocation
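Review bot: In the added CVE-2016-3075 entry, "stack overflow" is ambiguous between stack exhaustion and a write past a fixed-size stack buffer, and the two have different impact for readers triaging this entry. Since the text attributes the problem to a stack copy of an overly long name, consider saying which one it is. The entry also leads with the internal symbol _nss_dns_getnetbyname_r and only mentions the public getnetbyname in the second sentence; putting the public function first would make the entry easier to find for users searching NEWS for the APIs they call.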