{"id":"MGASA-2017-0464","summary":"Updated glibc packages fix security vulnerabilities","details":"The DNS stub resolver in the GNU C Library (aka glibc or libc6) before\nversion 2.26, when EDNS support is enabled, will solicit large UDP\nresponses from name servers, potentially simplifying off-path DNS\nspoofing attacks due to IP fragmentation.(CVE-2017-12132, CVE-2017-12133).\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one\nerror leading to a heap-based buffer overflow (CVE-2017-15670).\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6)\nbefore 2.27, when invoked with GLOB_TILDE, could skip freeing allocated\nmemory when processing the ~ operator with a long user name, potentially\nleading to a denial of service (memory leak) (CVE-2017-15671).\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6)\nbefore 2.27 contains a buffer overflow during unescaping of user names\nwith the ~ operator (CVE-2017-15804).\n\nAs libtirpc is also affected by CVE-2017-12133, it's part of this update.\n","modified":"2026-01-31T01:19:06.073840Z","published":"2017-12-22T10:31:08Z","related":["CVE-2017-12132","CVE-2017-12133","CVE-2017-15670","CVE-2017-15671","CVE-2017-15804"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0464.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21582"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.22-26.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0464.json"}},{"package":{"name":"libtirpc","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libtirpc?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-5.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0464.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}