
Debian 10 Buster: DLA-3152-1 Critical: Glibc Denial Of Service

debian lts
October 17, 2022
Essential glibc patch addresses various vulnerabilities, notably denial of service risks. Prompt installation is recommended.
This update fixes a wide range of vulnerabilities.

Summary

CVE-2016-10228

The iconv program in the GNU C Library when invoked with multiple
suffixes in the destination encoding (TRANSLATE or IGNORE) along with
the -c option, enters an infinite loop when processing invalid
multi-byte input sequences, leading to a denial of service.

CVE-2019-19126

On the x86-64 architecture, the GNU C Library fails to ignore the
LD_PREFER_MAP_32BIT_EXEC environment variable during program
execution after a security transition, allowing local attackers to
restrict the possible mapping addresses for loaded libraries and
thus bypass ASLR for a setuid program.

CVE-2019-25013

The iconv feature in the GNU C Library, when processing invalid
multi-byte input sequences in the EUC-KR encoding, may have a buffer
over-read.

CVE-2020-10029

The GNU C Library could overflow an on-stack buffer during range
reduction if an input to an 80-bit long double function contains a
non-canonical bit pattern, as seen when passing a



Severity
critical

-------------------------------------------------------------------------
Package: glibc
Version: 2.28-10+deb10u2
CVE ID: CVE-2016-10228 CVE-2019-19126 CVE-2019-25013
Debian Bug: 856503 945250 953108 953788 961452 973914 979273 981198
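
To confirm which hosts still run a glibc older than the fixed version 2.28-10+deb10u2, the following added example (not part of the advisory) compares installed versions using dpkg's ordering rules, including the `~` case that sorts before the unsuffixed version. It assumes the binary package name `libc6`; the host names and inventory lines are constructed.

```python
DIGITS = "0123456789"
FIXED = "2.28-10+deb10u2"  # fixed glibc version stated in the advisory

def _order(ch):
    # dpkg sort weight of one non-digit character; "" stands for end of string
    if ch == "~":
        return -1  # "~" sorts before everything, even end of string
    if ch == "" or ch in DIGITS:
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating non-digit and digit runs
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        ia, jb = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        diff = int(a[ia:i] or 0) - int(b[jb:j] or 0)  # numeric, so leading zeros are ignored
        if diff:
            return diff
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing revision compares equal to "0"
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(a, b):
    """Negative, zero or positive as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed sample: "host package version" lines, as could be collected per host
# with: dpkg-query -W -f='${Package} ${Version}\n' libc6
INVENTORY = ["web01 libc6 2.28-10", "web02 libc6 2.28-10+deb10u1",
             "db01 libc6 2.28-10+deb10u2", "build01 libc6 2.28-10+deb10u2~bpo1"]

def unpatched(inventory, fixed=FIXED):
    rows = (line.split() for line in inventory if line.strip())
    return [host for host, pkg, ver in rows if pkg == "libc6" and deb_compare(ver, fixed) < 0]

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```
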
