Lucene search

K
amazonAmazonALAS-2019-1320
HistoryNov 19, 2019 - 5:30 p.m.

Medium: glibc

2019-11-1917:30:00
alas.aws.amazon.com
41

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

23.0%

Issue Overview:

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)

Affected Packages:

glibc

Issue Correction:
Run yum update glibc to update your system.

New Packages:

i686:  
    nscd-2.17-292.178.amzn1.i686  
    glibc-common-2.17-292.178.amzn1.i686  
    glibc-debuginfo-common-2.17-292.178.amzn1.i686  
    glibc-devel-2.17-292.178.amzn1.i686  
    glibc-static-2.17-292.178.amzn1.i686  
    glibc-debuginfo-2.17-292.178.amzn1.i686  
    glibc-utils-2.17-292.178.amzn1.i686  
    glibc-2.17-292.178.amzn1.i686  
    glibc-headers-2.17-292.178.amzn1.i686  
  
src:  
    glibc-2.17-292.178.amzn1.src  
  
x86_64:  
    glibc-static-2.17-292.178.amzn1.x86_64  
    glibc-headers-2.17-292.178.amzn1.x86_64  
    glibc-2.17-292.178.amzn1.x86_64  
    glibc-debuginfo-common-2.17-292.178.amzn1.x86_64  
    glibc-devel-2.17-292.178.amzn1.x86_64  
    nscd-2.17-292.178.amzn1.x86_64  
    glibc-common-2.17-292.178.amzn1.x86_64  
    glibc-debuginfo-2.17-292.178.amzn1.x86_64  
    glibc-utils-2.17-292.178.amzn1.x86_64  

Additional References

Red Hat: CVE-2016-10739

Mitre: CVE-2016-10739

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

23.0%