The GNU C Library version 2.30 is now available

by
jake
from LWN.net on (#4ME21)

Version 2.30 of the GNU CLibrary (glibc) has been released. New features include Unicode 12.1.0support; wrappers for the getdents64(),gettid(), and tgkill()system calls on Linux; addition of a bunch of POSIX-proposed pthreadscalls; protections for memory allocation functions so that they cannotcause ptrdiff_t overflows; and more, such as fixes for twosecurity problems:

CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check size. For x86-64, memcmp on an object size larger than SSIZE_MAX has undefined behavior. On x32, the size_t argument may be passed in the lower 32 bits of the 64-bit RDX register with non-zero upper 32 bits. When it happened with the sign bit of RDX register set, memcmp gave the wrong result since it treated the size argument as zero. Reported by H.J. Lu.

CVE-2019-9169: Attempted case-insensitive regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read. Reported by Hongxu Chen.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments