Mageia Advisory: MGASA-2014-0262 - Updated musl package fixes CVE-2014-3484

Updated musl package fixes CVE-2014-3484

Publication date: 18 Jun 2014
Modification date: 18 Jun 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-3484

Description

Updated musl package fixes security vulnerability:

A remote stack-based buffer overflow has been found in musl libc's dns
response parsing code. The overflow can be triggered in programs linked
against musl libc and making dns queries via one of the standard interfaces
(getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc.) if one of the
configured nameservers in resolv.conf is controlled by an attacker, or if an
attacker can inject forged udp packets with control over their contents.
Denial of service is also possible via a related failure in loop detection
(CVE-2014-3484).

References

http://seclists.org/oss-sec/2014/q2/495
https://bugs.mageia.org/show_bug.cgi?id=13499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3484

SRPMS

4/core

musl-0.9.14-2.1.mga4

Advisories » MGASA-2014-0262

Updated musl package fixes CVE-2014-3484

Description

References

SRPMS

4/core