GNU libc Vulnerabilities Allow DNS Response Manipulation
Summary
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in GNU libc, affecting Linux and other Unix-based systems. These vulnerabilities allow remote attackers to manipulate DNS responses. The advisory provides information on affected versions and mitigation strategies.
What changed
CERT-Bund has released security advisory WID-SEC-2026-0817 detailing multiple vulnerabilities in GNU libc, the core C library for Linux and other Unix-like operating systems. The vulnerabilities, with a CVSS Base Score of 5.9, allow remote, anonymous attackers to manipulate DNS responses. The advisory specifically identifies Open Source GNU libc versions 2.34 through 2.43 as affected.
Organizations utilizing Linux or other Unix-based systems that rely on the affected GNU libc versions should review the advisory for mitigation strategies. While no specific compliance deadline is provided, prompt patching or applying vendor-recommended mitigations is crucial to prevent potential DNS manipulation attacks, which could lead to redirection to malicious sites or denial-of-service conditions.
What to do next
- Check whether installed GNU libc versions fall in the affected range (2.34-2.43)
- Apply vendor-provided patches or mitigation strategies
- Monitor for further security updates from CERT-Bund and relevant vendors
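A version check for the first step, as an added example that is not part of the CERT-Bund advisory. The function names and status strings are hypothetical; the range bounds are the ones the advisory lists, and `getconf GNU_LIBC_VERSION` is the standard glibc query.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a glibc version string
# against the affected range the advisory lists, 2.34 through 2.43.
AFFECTED_MINOR_LOW=34
AFFECTED_MINOR_HIGH=43

# glibc_status VERSION -> prints in-range, out-of-range or unparseable.
# Accepts upstream ("2.36"), getconf ("glibc 2.36") and package-style
# strings ("2.35-0ubuntu3.8"; constructed sample, not a real package id).
glibc_status() {
    v=${1#glibc }            # drop the "glibc " prefix that getconf prints
    v=${v%%[-+~ ]*}          # drop distribution release suffixes
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) echo unparseable; return 0 ;;
    esac
    # A string without a dot leaves major equal to the whole input.
    [ "$v" != "$major" ] || { echo unparseable; return 0; }
    # Compare each component numerically: as a string or a float, "2.4"
    # would wrongly land between 2.34 and 2.43.
    if [ "$major" -eq 2 ] && [ "$minor" -ge "$AFFECTED_MINOR_LOW" ] \
        && [ "$minor" -le "$AFFECTED_MINOR_HIGH" ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# host_glibc_status: classify the C library of the running system.
# Only glibc answers GNU_LIBC_VERSION; other libcs (e.g. musl) fail here.
host_glibc_status() {
    if ver=$(getconf GNU_LIBC_VERSION 2>/dev/null); then
        glibc_status "$ver"
    else
        echo not-glibc
    fi
}

# Run with --host to check the local machine.
if [ "${1:-}" = "--host" ]; then
    host_glibc_status
fi
```

An `in-range` result means the vendor's advisory for that package needs to be checked, not that the host is confirmed vulnerable: distributions commonly backport fixes without changing the upstream version number.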
Source document (simplified)
[WID-SEC-2026-0817] GNU libc: Multiple vulnerabilities allow manipulation of DNS responses
- CVSS Base Score: 5.9 (medium)
- CVSS Temporal Score: 5.2 (medium)
- Remote attack: yes
- Date: 22.03.2026
- Last updated: 23.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- UNIX
Product description
GNU libc is the base C library on Linux and other Unix operating systems; it provides the system calls and basic functionality.
Products
22.03.2026
- Open Source GNU libc 2.34-2.43
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in GNU libc to manipulate DNS responses.