Message ID | a11ad975-c6cf-a183-8b94-ec9a0345ad0c@gotplt.org |
---|---|
State | New |
On 07/31/2017 02:13 PM, Siddhesh Poyarekar wrote:
> On Sunday 30 July 2017 05:46 PM, Joseph Myers wrote:
>> On Mon, 3 Jul 2017, Joseph Myers wrote:
>>
>>> The NEWS section for security-related changes in 2.26 seems very
>>> incomplete, with only a single entry. It clearly needs to be filled out.
>>> If people know of other significant changes missing from the main NEWS
>>> section for 2.26, they should add those as well.
>>
>> Reminder: the security-related section is still almost empty. This needs
>> to be fixed before the release.
>
> This is what I've come up with based on bugzilla. I'll commit this
> before release if it looks OK.

Also missing:

* A use-after-free vulnerability in clntudp_call in the Sun RPC system
  has been fixed.

Thanks,
Florian
On Tuesday 01 August 2017 02:16 PM, Florian Weimer wrote:
> * A use-after-free vulnerability in clntudp_call in the Sun RPC system
>   has been fixed.

Is there a CVE number for this or just a preventive fix you put in?

Siddhesh
On 08/01/2017 11:20 AM, Siddhesh Poyarekar wrote:
> On Tuesday 01 August 2017 02:16 PM, Florian Weimer wrote:
>> * A use-after-free vulnerability in clntudp_call in the Sun RPC system
>>   has been fixed.
>
> Is there a CVE number for this or just a preventive fix you put in?

There will be a CVE number, but I haven't got one yet, sorry.

Florian
* Florian Weimer:

> On 08/01/2017 11:20 AM, Siddhesh Poyarekar wrote:
>> On Tuesday 01 August 2017 02:16 PM, Florian Weimer wrote:
>>> * A use-after-free vulnerability in clntudp_call in the Sun RPC system
>>>   has been fixed.
>>
>> Is there a CVE number for this or just a preventive fix you put in?
>
> There will be a CVE number, but I haven't got one yet, sorry.

We have CVE assignments now:

https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2017-12132
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2017-12133
diff --git a/NEWS b/NEWS index ab0fb54..e068557 100644 --- a/NEWS +++ b/NEWS @@ -196,6 +196,13 @@ Security related changes: * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks. +* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE + mode to guard against local privilege escalation attacks (CVE-2017-1000366). + +* Avoid printing a backtrace from the __stack_chk_fail function since it is + called on a corrupt stack and a backtrace is unreliable on a corrupt stack + (CVE-2010-3192).
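Review bot: The hunk leaves out the clntudp_call use-after-free entry that Florian asked to have added in this thread, and the existing "DNS stub resolver limits the advertised UDP buffer size" bullet it sits beneath still carries no CVE reference even though the follow-up reports two assignments (CVE-2017-12132 and CVE-2017-12133). Before committing, add a bullet for the Sun RPC fix in the same form as the two new ones, e.g. "* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed.", and attach each of the newly assigned CVE identifiers to the entry it belongs to in the "(CVE-...)" style the LD_LIBRARY_PATH and __stack_chk_fail bullets already use, so the security section does not ship with known identifiers missing.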