MGASA-2017-0470

Advisory lineage Upstream: 5 Downstream: 0
Published: 28 Dec 2017, 13:16
Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

28 Dec 2017, 13:16
Published
Vulnerability first disclosed
16 Apr 2026, 06:25
Last Modified
Vulnerability information updated

Description

Updated glibc packages fix security vulnerabilities The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132, CVE-2017-12133). The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow (CVE-2017-15670). The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak) (CVE-2017-15671). The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804). As libtirpc is also affected by CVE-2017-12133, it's part of this update.

Affected Systems

  • mageiaglibc

    < 2.20-26.mga5

  • mageialibtirpc

    < 0.2.5-3.3.mga5

References (2)