Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Wed, 14 Dec 2016 18:17:28 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Scott Reid Subject: Security ERRATA Low: glibc on SL7.x x86_64 MIME-Version: 1.0 Message-ID: <20161214181728.3201.34769@slpackages.fnal.gov> Synopsis: Low: glibc security, bug fix, and enhancement update Advisory ID: SLSA-2016:2573-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-3075 -- Security Fix(es): * A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user- provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075) This issue was discovered by Florian Weimer (Red Hat). Additional Changes: -- SL7 x86_64 glibc-2.17-157.el7.i686.rpm glibc-2.17-157.el7.x86_64.rpm glibc-common-2.17-157.el7.x86_64.rpm glibc-debuginfo-2.17-157.el7.i686.rpm glibc-debuginfo-2.17-157.el7.x86_64.rpm glibc-debuginfo-common-2.17-157.el7.i686.rpm glibc-debuginfo-common-2.17-157.el7.x86_64.rpm glibc-devel-2.17-157.el7.i686.rpm glibc-devel-2.17-157.el7.x86_64.rpm glibc-headers-2.17-157.el7.x86_64.rpm glibc-utils-2.17-157.el7.x86_64.rpm nscd-2.17-157.el7.x86_64.rpm glibc-static-2.17-157.el7.i686.rpm glibc-static-2.17-157.el7.x86_64.rpm - Scientific Linux Development Team