Vulnerability CVE-2016-4429: Information
Description
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glibc | sisyphus | 2.23-alt3 | 2.38.0.66.ge1135387de-alt1 | ALT-PU-2016-1598-1 | 165731 | Fixed |
| glibc | p10 | 2.23-alt3 | 2.32-alt5.p10.2 | ALT-PU-2016-1598-1 | 165731 | Fixed |
| glibc | p9 | 2.23-alt3 | 2.27-alt14 | ALT-PU-2016-1598-1 | 165731 | Fixed |
| glibc | p8 | 2.23-alt3 | 2.23-alt3.M80P.2 | ALT-PU-2016-1610-1 | 165771 | Fixed |
| glibc | c10f1 | 2.23-alt3 | 2.32-alt5.p10.2 | ALT-PU-2016-1598-1 | 165731 | Fixed |
| glibc | c9f2 | 2.23-alt3 | 2.27-alt14 | ALT-PU-2016-1598-1 | 165731 | Fixed |
| glibc | c7 | 2.17-alt5.M70C.12 | 2.17-alt5.M70C.14 | ALT-PU-2016-2029-1 | 169527 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=20112 |
|
| openSUSE-SU-2016:1527 |
|
| openSUSE-SU-2016:1779 |
|
| http://www-01.ibm.com/support/docview.wss?uid=swg21995039 |
|
| https://source.android.com/security/bulletin/2017-12-01 |
|
| 102073 |
|
| USN-3759-2 |
|
| USN-3759-1 |
|
| [debian-lts-announce] 20200628 [SECURITY] [DLA 2256-1] libtirpc security update | |
| N/A | |
| https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=bc779a1a5b3035133024b21e2f339fe4219fb11c |