ALAS-2019-1320


Amazon Linux AMI Security Advisory: ALAS-2019-1320
Advisory Release Date: 2019-11-22 03:22 Pacific
Severity: Medium
References: CVE-2016-10739 

Issue Overview:

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739 )


Affected Packages:

glibc


Issue Correction:
Run yum update glibc to update your system.

New Packages:
i686:
    nscd-2.17-292.178.amzn1.i686
    glibc-common-2.17-292.178.amzn1.i686
    glibc-debuginfo-common-2.17-292.178.amzn1.i686
    glibc-devel-2.17-292.178.amzn1.i686
    glibc-static-2.17-292.178.amzn1.i686
    glibc-debuginfo-2.17-292.178.amzn1.i686
    glibc-utils-2.17-292.178.amzn1.i686
    glibc-2.17-292.178.amzn1.i686
    glibc-headers-2.17-292.178.amzn1.i686

src:
    glibc-2.17-292.178.amzn1.src

x86_64:
    glibc-static-2.17-292.178.amzn1.x86_64
    glibc-headers-2.17-292.178.amzn1.x86_64
    glibc-2.17-292.178.amzn1.x86_64
    glibc-debuginfo-common-2.17-292.178.amzn1.x86_64
    glibc-devel-2.17-292.178.amzn1.x86_64
    nscd-2.17-292.178.amzn1.x86_64
    glibc-common-2.17-292.178.amzn1.x86_64
    glibc-debuginfo-2.17-292.178.amzn1.x86_64
    glibc-utils-2.17-292.178.amzn1.x86_64