{"id":"MGASA-2016-0270","summary":"Updated glibc and libtirpc packages fixes security vulnerability","details":"A stack-based buffer overflow in the clntudp_call function in\nsunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote\nservers to cause a denial of service (crash) or possibly unspecified other\nimpact via a flood of crafted ICMP and UDP packets (CVE-2016-4429).\n\nA similar issue was fixed in lnt_dg_call in src/clnt_dg.c in libtirpc\npackage as part of this update.\n\nOther fixes in this update:\n- Fix static dlopen default library search path [Glibc BZ #17250]\n- grantpt: trust the kernel about pty group and permission mode \n  [Glibc BZ #19347]\n","modified":"2026-04-16T06:23:20.547517819Z","published":"2016-07-31T20:39:13Z","upstream":["CVE-2016-4429"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0270.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18651"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.20-23.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0270.json"}},{"package":{"name":"libtirpc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libtirpc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.5-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0270.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}