GNU C Library v2.24 发布了,Glibc 是提供系统调用和基本函数的 C 库,比如open, malloc, printf等等。所有动态连接的程序都要用到它。 本次发布包含一些已知问题修复,5个安全问题漏洞修复,删除一些旧有功能函数,以及新增一些数学函数(nextup*()和 nextdown*())。 5个安全问题漏洞修复: * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It could result in a stack overflow when getnetbyname was called with an overly long name. (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead. Reported by Michael Petlan. (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. Reported by Alexander Cherepanov. (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez' alloca plugin for GCC. (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits. Over time, this could result in a denial of service due to memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) 更多具体改进信息以及Bug修复记录,可查看发布说明 GNU C Library v2.24 发布下载地址
