Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 461
Alerts This Week
Warning Icon 1 461

Ubuntu 16.04 LTS USN-3239-1 Critical: glibc Security Issues

ubuntu
Calendar Grey March 21, 2017
Dist Ubuntu Esm H88
Ubuntu Security Update USN-4651-3 addresses significant vulnerabilities within the OpenSSL library impacting various Ubuntu versions.
Several security issues were fixed in the GNU C Library.

Summary

Several security issues were fixed in the GNU C Library.

Software Description:

- glibc: GNU C Library

- eglibc: GNU C Library

Details:

It was discovered that the GNU C Library incorrectly handled the

strxfrm() function. An attacker could use this issue to cause a denial

of service or possibly execute arbitrary code. This issue only affected

Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the

_IO_wstr_overflow() function of the GNU C Library. An attacker could

use this to cause a denial of service or possibly execute arbitrary

code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04

LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library

did not properly handle certain malformed patterns. An attacker could

use this to cause a denial of service. This issue only affected Ubuntu

12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer ov...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libc6                           2.23-0ubuntu6

Ubuntu 14.04 LTS:
  libc6                           2.19-0ubuntu6.10

Ubuntu 12.04 LTS:
  libc6                           2.15-0ubuntu10.16

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3239-1

CVE-2015-5180, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984,

CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417,

CVE-2016-6323

Severity
critical
Lowest
Low
Medium
High
Critical

March 21, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.