Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Ubuntu 16.04 LTS USN-3239-2 Critical: Glibc Regression Notification

ubuntu
Calendar Grey March 22, 2017
Dist Ubuntu Esm H88
Corrections for regressions and vulnerabilities in the GNU C Library across various Ubuntu releases, affecting system reliability.
USN-3239-1 introduced a regression in the GNU C Library.

Summary

USN-3239-1 introduced a regression in the GNU C Library.

Software Description:

- glibc: GNU C Library

- eglibc: GNU C Library

Details:

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,

the fix for CVE-2015-5180 introduced an internal ABI change within

the resolver library. This update reverts the change. We apologize

for the inconvenience.

Please note that long-running services that were restarted to compensate

for the USN-3239-1 update may need to be restarted again.

Original advisory details:

It was discovered that the GNU C Library incorrectly handled the

strxfrm() function. An attacker could use this issue to cause a denial

of service or possibly execute arbitrary code. This issue only affected

Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the

_IO_wstr_overflow() function of the GNU C Library. An attacker could

use this to cause a denial of service or poss...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libc6                           2.23-0ubuntu7

Ubuntu 14.04 LTS:
  libc6                           2.19-0ubuntu6.11

Ubuntu 12.04 LTS:
  libc6                           2.15-0ubuntu10.17

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3239-2

https://ubuntu.com/security/notices/USN-3239-1

https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1674532

Severity
critical
Lowest
Low
Medium
High
Critical

March 21, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.