Advisories » MGASA-2017-0091

Updated glibc packages fix security vulnerability

Publication date: 27 Mar 2017
Modification date: 27 Mar 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-5180 , CVE-2016-5417

Description

Florian Weimer discovered a NULL pointer dereference in the DNS
resolver of the GNU C Library. An attacker could use this to cause
a denial of service (CVE-2015-5180).

Tim Ruehsen discovered that the getaddrinfo() implementation in the
GNU C Library did not properly track memory allocations. An attacker
could use this to cause a denial of service (CVE-2016-5417).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20552
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417

SRPMS

5/core

• glibc-2.20-24.mga5