ALAS2-2020-1382

Affecting glibc-langpack-en package, versions <2.26-33.amzn2

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 99999: CVE-2016-10739 glibc: getaddrinfo should reject IP addresses with trailing characters

References

CVE
ALAS2-2020-1382
Snyk ID
SNYK-AMZN2-GLIBCLANGPACKEN-542230
Published
16 Jan, 2020