MGASA-2022-0028 - Updated glibc packages fix security vulnerabilities Publication date: 23 Jan 2022 URL: https://advisories.mageia.org/MGASA-2022-0028.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-23218, CVE-2022-23219 Updated glibc packages fix security vulnerabilities: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution (CVE-2022-23218). The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution (CVE-2022-23219). References: - https://bugs.mageia.org/show_bug.cgi?id=29928 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219 SRPMS: - 8/core/glibc-2.32-23.mga8