From: Siddhesh Poyarekar Date: Wed, 2 Aug 2017 02:37:16 +0000 (+0530) Subject: Update NEWS X-Git-Tag: glibc-2.26~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e1113af30df05da38449d5a5ca3ca4decca451f9;p=thirdparty%2Fglibc.git Update NEWS --- diff --git a/ChangeLog b/ChangeLog index 5a90364f904..a8539a37050 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2017-08-01 Siddhesh Poyarekar + + * NEWS: Update security-related changes. + 2017-07-30 Siddhesh Poyarekar * po/be.po: Update translations. diff --git a/NEWS b/NEWS index ab0fb545f89..bd48d18158f 100644 --- a/NEWS +++ b/NEWS @@ -194,7 +194,17 @@ Changes to build and runtime requirements: Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, - to avoid fragmentation-based spoofing attacks. + to avoid fragmentation-based spoofing attacks (CVE-2017-12132). + +* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE + mode to guard against local privilege escalation attacks (CVE-2017-1000366). + +* Avoid printing a backtrace from the __stack_chk_fail function since it is + called on a corrupt stack and a backtrace is unreliable on a corrupt stack + (CVE-2010-3192). + +* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been + fixed (CVE-2017-12133). The following bugs are resolved with this release:
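Review bot: In the NEWS hunk, the __stack_chk_fail entry is worded as an instruction ("Avoid printing a backtrace ...") while the entries around it describe the new behaviour ("is now ignored", "has been fixed"), and it repeats "on a corrupt stack" twice. It also gives unreliability as the only reason, so a reader cannot tell from the entry why this is listed as a security change, whereas the resolver and LD_LIBRARY_PATH entries name the attack they guard against. Suggest something along the lines of "The __stack_chk_fail function no longer prints a backtrace, since it is called on a corrupt stack, where a backtrace is unreliable (CVE-2010-3192)", plus a short clause stating the exposure. The clntudp_call entry has the same gap in a smaller way: it names the bug class (use-after-free) but not the conditions under which it is reachable, which is what a distributor triaging the release notes needs.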