ALAS2-2020-1517

Affecting glibc-minimal-langpack package, versions <2.26-36.amzn2

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1517. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2016-10739: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 1347549: CVE-2016-10739 glibc: getaddrinfo should reject IP addresses with trailing characters

Remediation

Upgrade glibc-minimal-langpack to version or higher.

References

CVE
ALAS2-2020-1517
Snyk ID
SNYK-AMZN2-GLIBCMINIMALLANGPACK-1022636
Published
28 Oct, 2020