Arch Linux Security Advisory ASA-201606-17 ========================================== Severity: Medium Date : 2016-06-19 CVE-ID : CVE-2016-4429 Package : lib32-glibc Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-glibc before version 2.23-5 is vulnerable to denial of service. Resolution ========== Upgrade to 2.23-5. # pacman -Syu "lib32-glibc>=2.23-5" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== clntudp_call allocates a buffer, using alloca, to store the payload of an incoming socket error. If a malicious server floods the client with crafted ICMP and UDP packets, this can cause the client to allocate sufficiently many such temporary buffers to cause a stack (frame) overflow (denial of service). The size of the allocated buffer depends on the request size. If the request size is close to the page size or even larger, this could cause the stack pointer to step over the guard page, leading to additional impact beyond denial of service. Impact ====== A remote attacker is able to send specially crafted ICMP and UDP packets that are leading to denial of service. References ========== https://access.redhat.com/security/cve/CVE-2016-4429 https://sourceware.org/bugzilla/show_bug.cgi?id=20112