Advisories » MGASA-2016-0270

Updated glibc and libtirpc packages fix security vulnerability

Publication date: 31 Jul 2016
Modification date: 31 Jul 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-4429

Description

A stack-based buffer overflow in the clntudp_call function in
sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote
servers to cause a denial of service (crash) or possibly unspecified other
impact via a flood of crafted ICMP and UDP packets (CVE-2016-4429).

A similar issue was fixed in clnt_dg_call in src/clnt_dg.c in the libtirpc
package as part of this update.

Other fixes in this update:
- Fix static dlopen default library search path [Glibc BZ #17250]
- grantpt: trust the kernel about pty group and permission mode
  [Glibc BZ #19347]

References

SRPMS

5/core