Updated glibc packages are available to fix two vulnerabilities in the resolver functions.
The glibc package contains standard libraries which are used by multiple programs on the system.

A buffer overflow vulnerability has been found in the way the glibc resolver handles the resolution of network names and addresses via DNS (as per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are affected. A system would be vulnerable to this issue if the "networks" database in /etc/nsswitch.conf includes the "dns" entry. By default, Red Hat Linux ships with "networks" set to "files" and is therefore not vulnerable to this issue. (CAN-2002-0684)

A second, related, issue is a bug in the glibc-compat packages, which provide compatibility for applications compiled against glibc version 2.0.x. Applications compiled against this version (such as those distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also be vulnerable to this issue. (CAN-2002-0651)

These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium architecture also include a fix for the strncpy implementation in some boundary cases.

All users should upgrade to these errata packages which contain patches to the glibc and glibc-compat libraries and therefore are not vulnerable to these issues.
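
The exposure condition for CAN-2002-0684 described above, as an added example that is not part of the advisory: a POSIX shell check that reads an nsswitch.conf and reports whether the "networks" database lists "dns". The function names and status strings are assumptions made for this example; a file with no "networks" entry is reported separately so it can be reviewed by hand.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the "networks" entry of an
# nsswitch.conf read from stdin, per the exposure condition the advisory gives.

# Print the services listed for the "networks" database, one per line.
networks_sources() {
    awk '
    {
        sub(/#.*/, "")                            # strip comments
        if ($0 !~ /^[ \t]*networks[ \t]*:/) next  # only the networks database
        sub(/^[ \t]*networks[ \t]*:/, "")
        gsub(/\[[^]]*\]/, " ")                    # drop [STATUS=action] items
        n = split($0, svc, /[ \t]+/)
        for (i = 1; i <= n; i++) if (svc[i] != "") print svc[i]
    }'
}

# Print one of: dns-enabled | dns-absent | no-entry
networks_status() {
    sources=$(networks_sources)
    if [ -z "$sources" ]; then
        echo "no-entry"      # missing or empty entry: review by hand
    elif printf '%s\n' "$sources" | grep -qx 'dns'; then
        echo "dns-enabled"   # the configuration the advisory calls vulnerable
    else
        echo "dns-absent"    # e.g. the Red Hat default, "networks: files"
    fi
}

# Constructed sample input, not taken from a real host.
SAMPLE='# /etc/nsswitch.conf (constructed sample)
hosts:      files dns
networks:   files [NOTFOUND=return] dns   # dns added by an administrator
'

# With a path argument, check that file; otherwise check the sample above.
if [ -n "${1:-}" ]; then
    networks_status < "$1"
else
    printf '%s' "$SAMPLE" | networks_status
fi
```

Run it with /etc/nsswitch.conf as the argument on each host; the result reflects the configuration only and does not replace installing the errata packages.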