MGASA-2021-0150

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0150.html

Import Source

https://advisories.mageia.org/MGASA-2021-0150.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0150

Related

Published

2021-03-21T10:43:43Z

Modified

2021-03-21T09:51:01Z

Summary

Updated glibc packages fixes security vulnerabilities

Details

Updated glibc packages fix a security vulnerabilities:

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service (CVE-2020-27618).

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service (CVE-2021-3326).

The nameserver caching daemon (nscd), when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system (CVE-2021-27645).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / glibc

Package

Name: glibc
Purl: pkg:rpm/mageia/glibc?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.29-22.mga7

Ecosystem specific

{
    "section": "core"
}