Updated glibc packages fix security vulnerabilities
Publication date: 23 May 2016Modification date: 23 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1234 , CVE-2016-3075 , CVE-2016-3706
Description
Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOB_ALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content (CVE-2016-1234). A stack overflow vulnerability (unbounded allocation) in _nss_dns_getnetbyname_r function was found (CVE-2016-3075). stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) (CVE-2016-3706).
References
- https://bugs.mageia.org/show_bug.cgi?id=18440
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ICIY2WE4MCXHRVFZPY24JZKPAXG4PDIZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WENVYEYN5OSQXJQV7L4TQOKH3BODV6PB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
SRPMS
5/core
- glibc-2.20-22.mga5