AOSA-2017-0018: UPDATE GLIBC

FEBRUARY 8, 2017


Please update your glibc package to version 2.25.

Two security vulnerabilities were addressed in the recently released GNU C Library, version 2.25:

  • On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. This has been observed to lead to a hang (denial of service) in some Go applications compiled with gccgo. Reported by Andreas Schwab. (CVE-2016-6323)
  • The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. The stub resolver now uses a question type which is outside the range of valid question type values. (CVE-2015-5180)
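To confirm that a host is running the fixed release, the version check below can be used. It is an added example, not part of the original advisory; the function names `glibc_fixed` and `check_running_glibc` are hypothetical, and it assumes the version number alone decides whether the fixes are present (no backported patches).

```shell
# Added example: decide whether a glibc version string is at least 2.25,
# the release that carries the fixes for CVE-2016-6323 and CVE-2015-5180.
# Function names are illustrative, not from the advisory.

# glibc_fixed VERSION
#   returns 0 if VERSION >= 2.25, 1 if older, 2 if it cannot be parsed.
#   Accepts "glibc 2.25" (as printed by getconf), "2.25", "2.25-1", "2.24.90".
glibc_fixed() {
    ver=${1#glibc }                  # drop the "glibc " prefix if present
    case "$ver" in
        *.*) ;;                      # need at least MAJOR.MINOR
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}           # "25-1" or "24.90" -> leading digits only
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ -n "$minor" ] || return 2
    # Numeric comparison, so 2.9 is correctly treated as older than 2.25.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 25 ]; }; then
        return 0
    fi
    return 1
}

# check_running_glibc
#   queries the installed C library and reports the result.
check_running_glibc() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || {
        echo "getconf GNU_LIBC_VERSION failed: not a glibc system?"
        return 2
    }
    if glibc_fixed "$v"; then
        echo "$v: at or above 2.25"
    else
        echo "$v: older than 2.25, update required"
        return 1
    fi
}

check_running_glibc || true
```

Processes started before the update keep the old library mapped until they are restarted, so restart long-running services after upgrading.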

Relevant documentation:
