Conectiva Information for VU#542971
Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow via network name and address lookups
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 14 Aug 2002
Conectiva Linux supported versions (6.0, 7.0 and 8) are not vulnerable to VU#803539 regarding glibc packages. Regarding VU#542971, these same versions of Conectiva Linux are vulnerable but not in the default installation, since /etc/nsswitch.conf ships without the dns parameter in the "networks:" line.
Updated glibc packages which fix the second vulnerability, VU#542971, will be provided.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Conectiva Linux Announcement CLSA-2002:507 (english).
If you have feedback, comments, or additional information about this vulnerability, please send us email.