Updated glibc and libtirpc packages fix security vulnerability
Publication date: 31 Jul 2016
Modification date: 31 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4429
Description
A stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets (CVE-2016-4429).

A similar issue was fixed in clnt_dg_call in src/clnt_dg.c in the libtirpc package as part of this update.

Other fixes in this update:
- Fix static dlopen default library search path [Glibc BZ #17250]
- grantpt: trust the kernel about pty group and permission mode [Glibc BZ #19347]
References
SRPMS
5/core
- glibc-2.20-23.mga5
- libtirpc-0.2.5-3.1.mga5