Conectiva Information for VU#803539

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows

Status

Affected

Vendor Statement

Conectiva Linux supported versions (6.0, 7.0 and 8) are not vulnerable to VU#803539 regarding glibc packages. Regarding VU#542971, these same versions of Conectiva Linux are vulnerable but not in the default installation, since /etc/nsswitch.conf ships without the dns parameter in the "networks:" line.

Updated glibc packages which fix the second vulnerability, VU#542971, will be provided.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please see Conectiva Linux Announcement CLSA-2002:507 (English).
