Mageia 8: MGASA-2021-0308 Critical: glibc Use-After-Free DoS
mageia
June 30, 2021
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free
Summary
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and
2.33 has a use-after-free. It may use the notification thread attributes
object (passed through its struct sigevent parameter) after it has been
freed by the caller, leading to a denial of service (application crash)
or possibly unspecified other impact (CVE-2021-33574).
Other fixes in this update:
- fix triggers so ldconfig is always run on both installing and uninstalling libs (mga#28797)
- Fix SXID_ERASE behavior in setuid programs [BZ#27471]
References
- https://bugs.mageia.org/show_bug.cgi?id=29142
- https://bugs.mageia.org/show_bug.cgi?id=28797
- https://sourceware.org/bugzilla/show_bug.cgi?id=27471
- https://www.cve.org/CVERecord?id=CVE-2021-33574
Topics Covered
Resolution
SRPMS
- 8/core/glibc-2.32-16.mga8
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0308.html
Type: security
CVE: CVE-2021-33574
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!