AVG-368

Package glibc
Status Fixed
Severity Critical
Type multiple issues
Affected 2.25-7
Fixed 2.26-1
Current 2.28-5 [core]
Ticket None
Created Wed Aug 2 15:26:27 2017
Issue Severity Remote Type Description
CVE-2017-12133 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found the GNU C Library (aka glibc or libc6) before version 2.26, in clntudp_call in the Sun RPC system.
CVE-2017-12132 Medium Yes Content spoofing
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from...