Ubuntu 2306-3: GNU C Library regression

    Date: 08 Sep 2014
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    USN-2306-1 introduced a regression in the GNU C Library.
    ==========================================================================
    Ubuntu Security Notice USN-2306-3
    September 08, 2014
    
    eglibc regression
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 10.04 LTS
    
    Summary:
    
    USN-2306-1 introduced a regression in the GNU C Library.
    
    Software Description:
    - eglibc: GNU C Library
    
    Details:
    
    USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS,
    the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This
    update fixes the problem.
    
    We apologize for the inconvenience.
    
    Original advisory details:
    
     Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
     handled the getaddrinfo() function. An attacker could use this issue to
     cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
     (CVE-2013-4357)
    
     It was discovered that the GNU C Library incorrectly handled the
     getaddrinfo() function. An attacker could use this issue to cause a denial
     of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
     (CVE-2013-4458)
    
     Stephane Chazelas discovered that the GNU C Library incorrectly handled
     locale environment variables. An attacker could use this issue to possibly
     bypass certain restrictions such as the ForceCommand restrictions in
     OpenSSH. (CVE-2014-0475)
    
     David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
     Library incorrectly handled posix_spawn_file_actions_addopen() path
     arguments. An attacker could use this issue to cause a denial of service.
     (CVE-2014-4043)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 10.04 LTS:
      libc6                           2.11.1-0ubuntu7.17
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-2306-3
      http://www.ubuntu.com/usn/usn-2306-1
      https://launchpad.net/bugs/1364584
    
    Package Information:
      https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.17
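
A way to check a host against the fixed libc6 version listed under the update instructions, as an added example that is not part of the Ubuntu advisory. It reimplements dpkg's version ordering (a plain string comparison would rank 7.9 above 7.17); the function names are this example's own, and the `dpkg-query` call at the end assumes a dpkg-based host.

```python
import re
import subprocess

FIXED_LIBC6 = "2.11.1-0ubuntu7.17"  # fixed version from the advisory (Ubuntu 10.04 LTS)

def _order(ch):
    # dpkg weight of one non-digit character; "" means end of string.
    if ch == "~":
        return -1  # tilde sorts before everything, even end of string
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters before punctuation

def _cmp_part(a, b):
    # Compare two upstream or revision strings; negative, zero or positive result.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for k in range(max(len(ta), len(tb))):
            diff = _order(ta[k:k + 1]) - _order(tb[k:k + 1])
            if diff:
                return diff
        a, b = a[len(ta):], b[len(tb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):  # digit runs compare numerically
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_debian_versions(v1, v2):
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def libc6_is_fixed(installed):
    return compare_debian_versions(installed, FIXED_LIBC6) >= 0

if __name__ == "__main__":
    # Assumes a dpkg-based host; reads the installed libc6 version.
    out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "libc6"],
                         capture_output=True, text=True, check=True).stdout.strip()
    print(out, "fixed" if libc6_is_fixed(out) else "NOT fixed, update libc6")
```

The package version only shows what is installed on disk; processes started before the update keep the old library mapped until they restart, which is why the advisory asks for a reboot.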
    
    
    