
Red Hat has released an updated glibc package for Red Hat 6.2/7.x



Updated glibc packages are available to fix a buffer overflow in the resolver.

The GNU C library package, glibc, contains standard libraries used by multiple programs on the system.

A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash.

All Red Hat Linux users are advised to upgrade to these errata packages, which contain a patch to correct this vulnerability.

This errata has been updated to work with programs querying DNS from extremely small stack sizes, such as MySQL.