Advisories » MGASA-2016-0206

Updated glibc packages fix security vulnerabilities

Publication date: 23 May 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1234, CVE-2016-3075, CVE-2016-3706

Description

Updated glibc packages fix security vulnerabilities:

It was found that the glob implementation in glibc does not correctly handle
overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing
a large stack-based buffer overflow with controlled length and content
(CVE-2016-1234).

A stack overflow vulnerability (unbounded allocation) was found in the
_nss_dns_getnetbyname_r function (CVE-2016-3075).

A stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6
(incomplete fix for CVE-2013-4458) (CVE-2016-3706).

References

SRPMS

5/core