GNU C Library v2.24 发布了,Glibc 是提供系统调用和基本函数的 C 库,比如open, malloc, printf等等。所有动态连接的程序都要用到它。 本次发布包含一些已知问题修复,5个安全问题漏洞修复,删除一些旧有功能函数,以及新增一些数学函数(nextup*()和 nextdown*())。 5个安全问题漏洞修复: * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
could result in a stack overflow when getnetbyname was called with an
overly long name. (CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the stack,
even after the fix for CVE-2013-4458 has been applied, potentially
resulting in a stack overflow. getaddrinfo now uses a heap allocation
instead. Reported by Michael Petlan. (CVE-2016-3706)
* The glob function suffered from a stack-based buffer overflow when it was
called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
Reported by Alexander Cherepanov. (CVE-2016-1234)
* The Sun RPC UDP client could exhaust all available stack space when
flooded with crafted ICMP and UDP messages. Reported by Aldy Hernandez'
alloca plugin for GCC. (CVE-2016-4429)
* The IPv6 name server management code in libresolv could result in a memory
leak for each thread which is created, performs a failing naming lookup,
and exits. Over time, this could result in a denial of service due to
memory exhaustion. Reported by Matthias Schiffer. (CVE-2016-5417) 更多具体改进信息以及Bug修复记录,可查看发布说明 | 
