Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 14.10: USN-2519-1 Critical Denial Of Service in glibc

ubuntu
Calendar Grey February 26, 2015
Dist Ubuntu Esm H88
Security Notice USN-2519-1 resolves eglibc and glibc issues, fixing critical Denial of Service threats in Ubuntu.
Several security issues were fixed in the GNU C Library.

Summary

Several security issues were fixed in the GNU C Library.

Software Description:

- glibc: GNU C Library

- eglibc: GNU C Library

Details:

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file

descriptors when resolving DNS queries under high load. This may cause a

denial of service in other applications, or an information leak. This issue

only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

(CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving a

positive answer while processing the network name when performing DNS

resolution. A remote attacker could use this issue to cause the GNU C

Library to hang, resulting in a denial of service. (CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function incorrectly

handled memory. A remote attacker could possibly use this issue to cause

the GNU C Library to crash, resulting in a denial of service, or possibly

execute arbitrary co...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libc6                           2.19-10ubuntu2.3

Ubuntu 14.04 LTS:
  libc6                           2.19-0ubuntu6.6

Ubuntu 12.04 LTS:
  libc6                           2.15-0ubuntu10.11

Ubuntu 10.04 LTS:
  libc6                           2.11.1-0ubuntu7.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2519-1

CVE-2013-7423, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473

Severity
critical
Lowest
Low
Medium
High
Critical

February 26, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.