Fix CVE-2017-15670: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 https://sourceware.org/bugzilla/show_bug.cgi?id=22320 https://bugzilla.redhat.com/show_bug.cgi?id=1504804 And CVE-2017-15671: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 https://sourceware.org/bugzilla/show_bug.cgi?id=22325 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 Copied from upstream: diff --git a/posix/glob.c b/posix/glob.c --- a/posix/glob.c +++ b/posix/glob.c @@ -843,7 +843,7 @@ *p = '\0'; } else - *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) + *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) = '\0'; user_name = newp; }