
GNU C Library v2.24 Released

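Published: 2016-08-05 10:21:24 Source: 红联 Author: baihuo
GNU C Library v2.24 has been released. Glibc is the C library that provides system calls and basic functions such as open, malloc and printf. Every dynamically linked program uses it.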

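This release includes fixes for a number of known issues, fixes for 5 security vulnerabilities, the removal of some old functions, and some new math functions (nextup*() and nextdown*()).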

The 5 security fixes:

* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It could result in a stack overflow when getnetbyname was called with an overly long name. (CVE-2016-3075)

* Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706)

* The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. Reported by Alexander Cherepanov. (CVE-2016-1234)

* The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429)

* The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits. Over time, this could result in a denial of service due to memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417)
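
Several of the entries above (CVE-2016-3075, CVE-2016-3706, CVE-2016-4429) share one pattern: scratch data sized by external input was placed on the stack, and the getaddrinfo entry names the remedy, a heap allocation. The C sketch below is an added illustration of that pattern and is not glibc code; the function names and the 256-byte threshold are hypothetical.

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>
/* Copy name into scratch space and count its dots (hypothetical helper). */
static size_t copy_and_count(char *copy, const char *name, size_t len)
{
    size_t dots = 0;
    for (size_t i = 0; i < len; i++) {
        copy[i] = name[i];
        dots += (copy[i] == '.');
    }
    copy[len] = '\0';
    return dots;
}

/* Weak form: stack scratch space sized by the caller's input; a long name overflows it. */
size_t dots_stack(const char *name)
{
    size_t len = strlen(name);
    char *copy = alloca(len + 1);
    return copy_and_count(copy, name, len);
}

/* Hardened form: stack buffer for short names, heap otherwise; -1 on allocation failure. */
int dots_heap(const char *name, size_t *out)
{
    char small[256];
    size_t len = strlen(name);
    char *copy = small;
    if (len + 1 > sizeof small && (copy = malloc(len + 1)) == NULL)
        return -1;
    *out = copy_and_count(copy, name, len);
    if (copy != small)
        free(copy);
    return 0;
}

/* Constructed input: a name made of len dots, run through the hardened form. */
long dots_in_generated(size_t len)
{
    size_t n = 0;
    char *name = malloc(len + 1);
    if (name == NULL) return -1;
    memset(name, '.', len);
    name[len] = '\0';
    int rc = dots_heap(name, &n);
    free(name);
    return rc == 0 ? (long)n : -1;
}
```

A 16 MiB name exceeds the common 8 MiB default stack limit on Linux, so only the hardened form should be given input of that size.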

Details: http://lwn.net/Articles/696469/

Download: http://ftp.gnu.org/gnu/glibc/

From: 开源中国社区 (OSChina)