{"id":"MGASA-2021-0150","summary":"Updated glibc packages fixes security vulnerabilities","details":"Updated glibc packages fix a security vulnerabilities:\n\nThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and\nearlier, when processing invalid multi-byte input sequences in IBM1364,\nIBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the\ninput state, which could lead to an infinite loop in applications,\nresulting in a denial of service (CVE-2020-27618).\n\nThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and\nearlier, when processing invalid input sequences in the ISO-2022-JP-3\nencoding, fails an assertion in the code path and aborts the program,\npotentially resulting in a denial of service (CVE-2021-3326).\n\nThe nameserver caching daemon (nscd), when processing a request for netgroup\nlookup, may crash due to a double-free, potentially resulting in degraded\nservice or Denial of Service on the local system (CVE-2021-27645).\n","modified":"2026-04-16T04:44:10.809224391Z","published":"2021-03-21T10:43:43Z","upstream":["CVE-2020-27618","CVE-2021-27645","CVE-2021-3326"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0150.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28246"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.29-22.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0150.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}