CVE-2016-5417 was assigned to bug 19257

author Florian Weimer <fweimer@redhat.com>

Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)

committer Florian Weimer <fweimer@redhat.com>

Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)
author Florian Weimer <fweimer@redhat.com>
Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)
committer Florian Weimer <fweimer@redhat.com>
Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)
diff --git a/NEWS b/NEWS

index e2737d5f47a23a51319d0095f41185719d712374..680f792685a4827645aef3699bbf2b9922d65d24 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -66,6 +66,11 @@ Security related changes:
    flooded with crafted ICMP and UDP messages.  Reported by Aldy Hernandez'
    alloca plugin for GCC.  (CVE-2016-4429)
  
+* The IPv6 name server management code in libresolv could result in a memory
+  leak for each thread which is created, performs a failing naming lookup,
+  and exits.  Over time, this could result in a denial of service due to
+  memory exhaustion.  Reported by Matthias Schiffer.  (CVE-2016-5417)
+
  The following bugs are resolved with this release:
  
    [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>
	Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)
committer	Florian Weimer <fweimer@redhat.com>
	Fri, 29 Jul 2016 21:34:17 +0000 (17:34 -0400)