Advisories ยป MGASA-2016-0270

Updated glibc and libtirpc packages fixes security vulnerability

Publication date: 31 Jul 2016
Modification date: 31 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4429


A stack-based buffer overflow in the clntudp_call function in
sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote
servers to cause a denial of service (crash) or possibly unspecified other
impact via a flood of crafted ICMP and UDP packets (CVE-2016-4429).

A similar issue was fixed in lnt_dg_call in src/clnt_dg.c in libtirpc
package as part of this update.

Other fixes in this update:
- Fix static dlopen default library search path [Glibc BZ #17250]
- grantpt: trust the kernel about pty group and permission mode 
  [Glibc BZ #19347]