Source: glibc
Version: 2.19-18
Severity: important
Tags: upstream security
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21461

Hi,

the following vulnerability was published for glibc, opening the bug to
track the issue as well in the BTS.

CVE-2017-8804[0]:
| The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc
| or libc6) 2.25 mishandle failures of buffer deserialization, which
| allows remote attackers to cause a denial of service (virtual memory
| allocation, or memory consumption if an overcommit setting is not used)
| via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8804
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8804
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21461

Regards,
Salvatore
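
An added illustration, not glibc code and not part of the original report: the defensive pattern for the failure class the CVE text describes, where a decoder bounds the length taken from the packet before allocating and frees the buffer when decoding fails. The helper name xdr_opaque_decode_checked, its signature, the strict zero-padding check and the sample bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not a glibc API. Decodes one XDR variable-length
 * opaque: 4-byte big-endian length, data, zero padding to a multiple of 4.
 * Returns 0 and a malloc'd copy in *out on success, -1 on malformed input. */
int xdr_opaque_decode_checked(const uint8_t *buf, size_t buflen,
                              size_t maxsize, uint8_t **out, uint32_t *outlen)
{
    *out = NULL;
    *outlen = 0;
    if (buflen < 4)
        return -1;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    size_t remaining = buflen - 4;
    /* Reject before allocating: the caller's cap, then the bytes that
     * are actually present in the message. */
    if (len > maxsize || len > remaining)
        return -1;
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    if (padded > remaining)
        return -1;
    uint8_t *p = malloc(len ? len : 1);
    if (p == NULL)
        return -1;
    memcpy(p, buf + 4, len);
    /* This helper also insists on zero padding; on any failure after
     * the allocation the buffer is freed, so a bad message leaks nothing. */
    for (size_t i = len; i < padded; i++) {
        if (buf[4 + i] != 0) { free(p); return -1; }
    }
    *out = p;
    *outlen = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: claims 0xffffffff bytes, carries only 4. */
    const uint8_t msg[] = {0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c', 'd'};
    uint8_t *data; uint32_t n;
    int rc = xdr_opaque_decode_checked(msg, sizeof msg, 1024, &data, &n);
    printf("decode rc=%d\n", rc);
    return 0;
}
```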