Add references to CVE-2017-17426

author Florian Weimer <fweimer@redhat.com>

Wed, 6 Dec 2017 06:39:25 +0000 (07:39 +0100)

committer Florian Weimer <fweimer@redhat.com>

Wed, 6 Dec 2017 06:40:42 +0000 (07:40 +0100)
author Florian Weimer <fweimer@redhat.com>
Wed, 6 Dec 2017 06:39:25 +0000 (07:39 +0100)
committer Florian Weimer <fweimer@redhat.com>
Wed, 6 Dec 2017 06:40:42 +0000 (07:40 +0100)
diff --git a/ChangeLog b/ChangeLog

index ab41d9d947f40b9f6b852271fcb79515464223b8..6b752ac3dedb8f78a18a17a9885aae5653f0e3b7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1164,6 +1164,7 @@
  2017-11-30  Arjun Shankar  <arjun@redhat.com>
  
         [BZ #22375]
+       CVE-2017-17426
         * malloc/malloc.c (__libc_malloc): Use checked_request2size
         instead of request2size.
  
diff --git a/NEWS b/NEWS

index dc5fe32cf8a946bea87240229c818d7b01b89885..faa60abe30142e6bcad5aa9d377c199916df46e8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -112,6 +112,11 @@ Security related changes:
    without GLOB_NOESCAPE, could write past the end of a buffer while
    unescaping user names.  Reported by Tim Rühsen.
  
+  CVE-2017-17426: The malloc function, when called with an object size near
+  the value SIZE_MAX, would return a pointer to a buffer which is too small,
+  instead of NULL.  This was a regression introduced with the new malloc
+  thread cache in glibc 2.26.  Reported by Iain Buclaw.
+
  The following bugs are resolved with this release:
  
    [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>
	Wed, 6 Dec 2017 06:39:25 +0000 (07:39 +0100)
committer	Florian Weimer <fweimer@redhat.com>
	Wed, 6 Dec 2017 06:40:42 +0000 (07:40 +0100)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history