A stack overflow vulnerability was found in the catopen function: an application that passes a long string to catopen can crash or, potentially, execute arbitrary code. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=17905 CVE assignment: http://seclists.org/oss-sec/2016/q1/153
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1300314]
Mitigation: Do not use applications that call catopen with unbounded (for example, user-controlled) strings. The catopen function is rarely used. Typical application usage passes a short, constant string to catopen, so most applications are not affected even if they call catopen.
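The mitigation above is a property of the caller, not of glibc: an application is only exposed if the catalog name it hands to catopen can be made long by an attacker. The following C program is an added example (not code from glibc or from this bug report) of enforcing that at the call site. It wraps catopen in a length check and rejects names containing '/', since POSIX treats such a name as a full pathname rather than a catalog to look up along NLSPATH. CATALOG_NAME_MAX, catalog_name_is_safe, catopen_bounded and synthetic_name_accepted are hypothetical names chosen for this example, and the 128-byte limit is an assumption; pick whatever bound fits the catalogs the application actually ships.

```c
#include <nl_types.h>   /* catopen, catclose, nl_catd, NL_CAT_LOCALE */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limit for this example: catalog names taken from configuration or
   user input must be short.  This is not a glibc constant. */
#define CATALOG_NAME_MAX 128

/* Returns 1 if `name` may be passed to catopen(): non-empty, at most
   CATALOG_NAME_MAX bytes, and free of '/' (a '/' makes catopen treat the
   argument as a pathname instead of a catalog searched for along NLSPATH).
   Scans at most CATALOG_NAME_MAX + 1 bytes, so a huge input is never walked. */
int catalog_name_is_safe(const char *name)
{
    size_t len = 0;
    if (name == NULL)
        return 0;
    while (len <= CATALOG_NAME_MAX && name[len] != '\0') {
        if (name[len] == '/')
            return 0;
        len++;
    }
    return len > 0 && len <= CATALOG_NAME_MAX;
}

/* Wrapper around catopen() that applies the check first.  Returns (nl_catd)-1
   both when the name is rejected and when catopen() itself fails, so callers
   have a single failure path to handle. */
nl_catd catopen_bounded(const char *name)
{
    if (!catalog_name_is_safe(name))
        return (nl_catd)-1;
    return catopen(name, NL_CAT_LOCALE);
}

/* Exercises the check with a constructed name of `len` bytes of 'a'.
   Returns 1 if such a name would be accepted, 0 otherwise. */
int synthetic_name_accepted(size_t len)
{
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return 0;
    memset(buf, 'a', len);
    buf[len] = '\0';
    int ok = catalog_name_is_safe(buf);
    free(buf);
    return ok;
}

int main(void)
{
    /* Constructed inputs: a typical short constant name, a traversal attempt,
       and a 1 MiB name of the kind the mitigation text warns about. */
    const char *typical = "myapp";
    const char *traversal = "../../etc/passwd";
    size_t huge = 1024 * 1024;

    printf("%-20s safe=%d\n", typical, catalog_name_is_safe(typical));
    printf("%-20s safe=%d\n", traversal, catalog_name_is_safe(traversal));
    printf("%zu-byte name   safe=%d\n", huge, synthetic_name_accepted(huge));

    nl_catd cat = catopen_bounded(typical);
    if (cat == (nl_catd)-1)
        puts("catopen_bounded: no catalog found (expected when none is installed)");
    else
        catclose(cat);
    return 0;
}
```

The length loop deliberately stops after CATALOG_NAME_MAX + 1 bytes rather than calling strlen, so a multi-megabyte string is rejected without being scanned; the rejection happens before catopen is ever entered, which is what keeps an unpatched glibc out of the attacker's reach.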
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0680 https://rhn.redhat.com/errata/RHSA-2017-0680.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1916 https://access.redhat.com/errata/RHSA-2017:1916