[2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269

public inbox for libc-stable@sourceware.org
 help / color / mirror / Atom feed

* [2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269
@ 2018-01-01  0:00 Florian Weimer
  2018-01-01  0:00 ` Florian Weimer
  0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2018-01-01  0:00 UTC (permalink / raw)
  To: libc-stable

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: cve-housekeeping.patch --]
[-- Type: text/x-patch, Size: 1412 bytes --]

commit 50df56ca86a281c8fd99a8100aac75539813788d
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu May 24 14:41:57 2018 +0200

    Add references to CVE-2018-11236, CVE-2017-18269

diff --git a/ChangeLog b/ChangeLog
index 4aa9ff73f8..fefd9e43ea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,7 @@
 2018-05-09  Paul Pluzhnikov  <ppluzhnikov@google.com>
 
 	[BZ #22786]
+	CVE-2018-11236
 	* stdlib/canonicalize.c (__realpath): Fix overflow in path length
 	computation.
 	* stdlib/Makefile (test-bz22786): New test.
@@ -147,6 +148,7 @@
 	    Max Horn  <max@quendi.de>
 
 	[BZ #22644]
+	CVE-2017-18269
 	* sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
 	branch conditions.
 	* string/test-memmove.c (do_test2): New testcase.
diff --git a/NEWS b/NEWS
index ee08fc3d23..28535db4de 100644
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,13 @@ The following bugs are resolved with this release:
 
 Security related changes:
 
+  CVE-2017-18269: An SSE2-based memmove implementation for the i386
+  architecture could corrupt memory.  Reported by Max Horn.
+
+  CVE-2018-11236: Very long pathname arguments to realpath function could
+  result in an integer overflow and buffer overflow.  Reported by Alexey
+  Izbyshev.
+
   CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
   architecture could write beyond the target buffer, resulting in a buffer
   overflow.  Reported by Andreas Schwab.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269
  2018-01-01  0:00 [2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269 Florian Weimer
@ 2018-01-01  0:00 ` Florian Weimer
  2018-01-01  0:00   ` Dmitry V. Levin
  0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2018-01-01  0:00 UTC (permalink / raw)
  To: libc-stable

[-- Attachment #1: Type: text/plain, Size: 45 bytes --]

And I had to fix it thusly.  Also committed.

[-- Attachment #2: cve-housekeeping.patch --]
[-- Type: text/x-patch, Size: 1827 bytes --]

commit 6c99e37f6fb640a50a3113b2dbee5d5389843c1e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu May 24 15:50:29 2018 +0200

    NEWS: Move security-lated changes before bug list
    
    This matches the practice for previous releases.

diff --git a/NEWS b/NEWS
index 28535db4de..2c58d073a3 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,19 @@ Major new features:
   Czech languages.  The Catalan and Greek languages now support abbreviated
   alternative month names.
 
+Security related changes:
+
+  CVE-2017-18269: An SSE2-based memmove implementation for the i386
+  architecture could corrupt memory.  Reported by Max Horn.
+
+  CVE-2018-11236: Very long pathname arguments to realpath function could
+  result in an integer overflow and buffer overflow.  Reported by Alexey
+  Izbyshev.
+
+  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
+  architecture could write beyond the target buffer, resulting in a buffer
+  overflow.  Reported by Andreas Schwab.
+
 The following bugs are resolved with this release:
 
   [6889] 'PWD' mentioned but not specified
@@ -50,19 +63,6 @@ The following bugs are resolved with this release:
   [23166] sunrpc: Remove stray exports without --enable-obsolete-rpc
   [23196] __mempcpy_avx512_no_vzeroupper mishandles large copies
 
-Security related changes:
-
-  CVE-2017-18269: An SSE2-based memmove implementation for the i386
-  architecture could corrupt memory.  Reported by Max Horn.
-
-  CVE-2018-11236: Very long pathname arguments to realpath function could
-  result in an integer overflow and buffer overflow.  Reported by Alexey
-  Izbyshev.
-
-  CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
-  architecture could write beyond the target buffer, resulting in a buffer
-  overflow.  Reported by Andreas Schwab.
-
 \f
 Version 2.27
 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269
  2018-01-01  0:00 ` Florian Weimer
@ 2018-01-01  0:00   ` Dmitry V. Levin
  0 siblings, 0 replies; 3+ messages in thread
From: Dmitry V. Levin @ 2018-01-01  0:00 UTC (permalink / raw)
  To: libc-stable

[-- Attachment #1: Type: text/plain, Size: 138 bytes --]

On Thu, May 24, 2018 at 03:51:31PM +0200, Florian Weimer wrote:
> And I had to fix it thusly.  Also committed.

Thanks!


-- 
ldv

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-05-24 14:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-01  0:00 [2.27 COMMITTED] Add references to CVE-2018-11236, CVE-2017-18269 Florian Weimer
2018-01-01  0:00 ` Florian Weimer
2018-01-01  0:00   ` Dmitry V. Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).