ArchLinux: 201606-17: lib32-glibc: denial of service
Summary
clntudp_call allocates a buffer, using alloca, to store the payload of
an incoming socket error. If a malicious server floods the client with
crafted ICMP and UDP packets, this can cause the client to allocate
sufficiently many such temporary buffers to cause a stack (frame)
overflow (denial of service).
The size of the allocated buffer depends on the request size. If the
request size is close to the page size or even larger, this could cause
the stack pointer to step over the guard page, leading to additional
impact beyond denial of service.
Resolution
Upgrade to 2.23-5.
# pacman -Syu "lib32-glibc>=2.23-5"
The problem has been fixed upstream but no release is available yet.
References
https://access.redhat.com/security/cve/CVE-2016-4429 https://sourceware.org/bugzilla/show_bug.cgi?id=20112
Workaround
None.