|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0262 (musl)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0262: Updated musl package fixes CVE-2014-3484 


Date:
    	      Wed, 18 Jun 2014 19:55:27 +0200


Message-ID:
    	      <20140618175528.1FB9043BFA@valstar.mageia.org>


MGASA-2014-0262 - Updated musl package fixes CVE-2014-3484

Publication date: 18 Jun 2014
URL: http://advisories.mageia.org/MGASA-2014-0262.html
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-3484

Description:
Updated musl package fixes security vulnerability:

A remote stack-based buffer overflow has been found in musl libc's dns
response parsing code. The overflow can be triggered in programs linked
against musl libc and making dns queries via one of the standard interfaces
(getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc.) if one of the
configured nameservers in resolv.conf is controlled by an attacker, or if an
attacker can inject forged udp packets with control over their contents.
Denial of service is also possible via a related failure in loop detection
(CVE-2014-3484).

References:
- http://seclists.org/oss-sec/2014/q2/495
- https://bugs.mageia.org/show_bug.cgi?id=13499
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3484

SRPMS:
- 4/core/musl-0.9.14-2.1.mga4
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds