AOSA-2017-0018: Update Glibc
February 8, 2017
Please update your glibc
package to version 2.25
.
Two security vulnerabilities were addressed in the recently released GNU C Library, version 2.25:
- On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323)
- The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180)
Relevant documentation: