{"id":"MGASA-2017-0470","summary":"Updated glibc packages fix security vulnerabilities","details":"The DNS stub resolver in the GNU C Library (aka glibc or libc6) before\nversion 2.26, when EDNS support is enabled, will solicit large UDP\nresponses from name servers, potentially simplifying off-path DNS\nspoofing attacks due to IP fragmentation.(CVE-2017-12132, CVE-2017-12133).\n\nThe GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one\nerror leading to a heap-based buffer overflow (CVE-2017-15670).\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6)\nbefore 2.27, when invoked with GLOB_TILDE, could skip freeing allocated\nmemory when processing the ~ operator with a long user name, potentially\nleading to a denial of service (memory leak) (CVE-2017-15671).\n\nThe glob function in glob.c in the GNU C Library (aka glibc or libc6)\nbefore 2.27 contains a buffer overflow during unescaping of user names\nwith the ~ operator (CVE-2017-15804).\n\nAs libtirpc is also affected by CVE-2017-12133, it's part of this update.\n","modified":"2026-02-04T02:39:49.844651Z","published":"2017-12-28T13:16:56Z","related":["CVE-2017-12132","CVE-2017-12133","CVE-2017-15670","CVE-2017-15671","CVE-2017-15804"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0470.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22255"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.20-26.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0470.json"}},{"package":{"name":"libtirpc","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libtirpc?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.5-3.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0470.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}