[security-announce] glibc: Security update
Adrian.Dudau at enea.com
Mon Mar 23 10:08:19 CET 2015
Enea Linux Security Advisory
Product/package: glibc 2.20
CVE Name: CVE-2014-9402
A security that patch fixes a denial of service vulnerability in
getnetbyname function is now available at
README file: 0010-glibc-CVE-2014-9402-endless-loop-in-getaddr_r.patch
Patch file: 0010-glibc-CVE-2014-9402-endless-loop-in-getaddr_r.patch
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc)
before 2.21, when the DNS backend in the Name Service Switch
configuration is enabled, allows remote attackers to cause a denial of
service (infinite loop) by sending a positive answer while a network
name is being process.
How to apply the patches
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order
tar zxvf Enea-Linux-5.0-beta-m400.tar.gz
<Fetch and apply the existing patches, please refer to
README file for the individual patch>
- Fetch and apply the new patch
patch -p1 < ./0010-glibc-CVE-2014-9402-endless-loop-in-getaddr_r.patch
If you have any questions regarding the security patches and security
updates please contact security at enea.com.
Enea Security Team
This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-announce