AOSA-2016-0030: Update Glibc to 2.24-2
December 1, 2016
Please update your glibc
package to version 2.24-2
, especially if you are using ARMv7 (armel
).
A fix was recently committed to Glibc's Git master to fix the following vulnerability:
And the vulnerability states:
"The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation."