Conectiva Information for VU#803539
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows
Conectiva Linux supported versions (6.0, 7.0 and 8) are not vulnerable to VU#803539 regarding glibc packages. Regarding VU#542971, these same versions of Conectiva Linux are vulnerable but not in the default installation, since /etc/nsswitch.conf ships without the dns parameter in the "networks:" line.
Updated glibc packages which fix the second vulnerability, VU#542971, will be provided.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Conectiva Linux Announcement CLSA-2002:507 (english).
If you have feedback, comments, or additional information about this vulnerability, please send us email.