mirror/glibc
2
0
Fork 0
mirror of git://sourceware.org/git/glibc.git synced 2024-12-15 04:20:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Document CVE-2023-4806 and CVE-2023-5156 in NEWS

Browse Source 
These are tracked in BZ #30884 and BZ #30843.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
This commit is contained in:
Siddhesh Poyarekar 2023-09-26 07:38:07 -04:00
parent f563971b5b
commit fd134feba3
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
NEWS
View File

@ -48,6 +48,15 @@ Security related changes:
2048 bytes, getaddrinfo may potentially disclose stack contents via 2048 bytes, getaddrinfo may potentially disclose stack contents via
the returned address data, or crash. the returned address data, or crash.
CVE-2023-4806: When an NSS plugin only implements the
_gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
memory that was freed during buffer resizing, potentially causing a
crash or read or write to arbitrary memory.
CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
AI_ALL and AI_V4MAPPED flags set.
The following bugs are resolved with this release: The following bugs are resolved with this release:
[The release manager will add the list generated by [The release manager will add the list generated by