From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-stable@sourceware.org
Cc: Florian Weimer <fweimer@redhat.com>
Subject: [2.24 COMMITTED 4/4] Add references to CVE-2017-18269, CVE-2018-11236, CVE-2018-11237
Date: Mon, 01 Jan 2018 00:00:00 -0000 [thread overview]
Message-ID: <20181220233902.20796-4-aurelien@aurel32.net> (raw)
In-Reply-To: <20181220233902.20796-1-aurelien@aurel32.net>
From: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 43d4f3d5ad94e1fa5e56d7a7200d0e9f3d8e2f02)
---
ChangeLog | 2 ++
NEWS | 11 +++++++++++
2 files changed, 13 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index f650db1d59..988615f03b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@
2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #22786]
+ CVE-2018-11236
* stdlib/canonicalize.c (__realpath): Fix overflow in path length
computation.
* stdlib/Makefile (test-bz22786): New test.
@@ -19,6 +20,7 @@
Max Horn <max@quendi.de>
[BZ #22644]
+ CVE-2017-18269
* sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
branch conditions.
* string/test-memmove.c (do_test2): New testcase.
diff --git a/NEWS b/NEWS
index 7e1859b78e..13ac8dd911 100644
--- a/NEWS
+++ b/NEWS
@@ -49,6 +49,17 @@ Security related changes:
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.
+ CVE-2017-18269: An SSE2-based memmove implementation for the i386
+ architecture could corrupt memory. Reported by Max Horn.
+
+ CVE-2018-11236: Very long pathname arguments to realpath function could
+ result in an integer overflow and buffer overflow. Reported by Alexey
+ Izbyshev.
+
+ CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
+ architecture could write beyond the target buffer, resulting in a buffer
+ overflow. Reported by Andreas Schwab.
+
The following bugs are resolved with this release:
[20790] Fix rpcgen buffer overrun
--
2.19.2
next prev parent reply other threads:[~2018-12-20 23:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-01 0:00 [2.24 COMMITTED 1/4] Fix i386 memmove issue (bug 22644) Aurelien Jarno
2018-01-01 0:00 ` Aurelien Jarno [this message]
2018-01-01 0:00 ` [2.24 COMMITTED 2/4] Fix BZ 22786: integer addition overflow may cause stack buffer overflow when realpath() input length is close to SSIZE_MAX Aurelien Jarno
2018-01-01 0:00 ` [2.24 COMMITTED 3/4] Don't write beyond destination in __mempcpy_avx512_no_vzeroupper (bug 23196) Aurelien Jarno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181220233902.20796-4-aurelien@aurel32.net \
--to=aurelien@aurel32.net \
--cc=fweimer@redhat.com \
--cc=libc-stable@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).