<= Back

AOSA-2017-0018: Update Glibc

Please update your glibc package to version 2.25.

Two security vulnerabilities were addressed in the recently released GNU C Library, version 2.25:

  • On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323)
  • The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180)

Relevant documentation: