MGASA-2016-0270

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0270.html

Import Source

https://advisories.mageia.org/MGASA-2016-0270.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0270

Related

CVE-2016-4429

Published

2016-07-31T20:39:13Z

Modified

2016-07-31T20:30:30Z

Summary

Updated glibc and libtirpc packages fixes security vulnerability

Details

A stack-based buffer overflow in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets (CVE-2016-4429).

A similar issue was fixed in lntdgcall in src/clnt_dg.c in libtirpc package as part of this update.

Other fixes in this update: - Fix static dlopen default library search path [Glibc BZ #17250] - grantpt: trust the kernel about pty group and permission mode [Glibc BZ #19347]

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / glibc

Package

Name: glibc
Purl: pkg:rpm/mageia/glibc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.20-23.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libtirpc

Package

Name: libtirpc
Purl: pkg:rpm/mageia/libtirpc?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.5-3.1.mga5

Ecosystem specific

{
    "section": "core"
}