Ubuntu 4416-1: GNU C Library vulnerabilities

    Date 06 Jul 2020
    Posted By LinuxSecurity Advisories
    Several security issues were fixed in GNU C Library.
    ==========================================================================
    Ubuntu Security Notice USN-4416-1
    July 06, 2020
    
    glibc vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 19.10
    - Ubuntu 18.04 LTS
    - Ubuntu 16.04 LTS
    
    Summary:
    
    Several security issues were fixed in GNU C Library.
    
    Software Description:
    - glibc: GNU C Library
    
    Details:
    
    Florian Weimer discovered that the GNU C Library incorrectly handled
    certain memory operations. A remote attacker could use this issue to cause
    the GNU C Library to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
    (CVE-2017-12133)
    
    It was discovered that the GNU C Library incorrectly handled certain
    SSE2-optimized memmove operations. A remote attacker could use this issue
    to cause the GNU C Library to crash, resulting in a denial of service, or
    possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
    (CVE-2017-18269)
    
    It was discovered that the GNU C Library incorrectly handled certain
    pathname operations. A remote attacker could use this issue to cause the
    GNU C Library to crash, resulting in a denial of service, or possibly
    execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
    (CVE-2018-11236)
    
    It was discovered that the GNU C Library incorrectly handled certain
    AVX-512-optimized mempcpy operations. A remote attacker could use this
    issue to cause the GNU C Library to crash, resulting in a denial of
    service, or possibly execute arbitrary code. This issue only affected
    Ubuntu 18.04 LTS. (CVE-2018-11237)
    
    It was discovered that the GNU C Library incorrectly handled certain
    hostname lookups. A remote attacker could use this issue to cause the GNU
    C Library to crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591)
    
    Jakub Wilk discovered that the GNU C Library incorrectly handled certain
    memalign functions. A remote attacker could use this issue to cause the GNU
    C Library to crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485)
    
    It was discovered that the GNU C Library incorrectly ignored the
    LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A
    local attacker could use this issue to bypass ASLR restrictions.
    (CVE-2019-19126)
    
    It was discovered that the GNU C Library incorrectly handled certain
    regular expressions. A remote attacker could possibly use this issue to
    cause the GNU C Library to crash, resulting in a denial of service. This
    issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169)
    
    It was discovered that the GNU C Library incorrectly handled certain
    bit patterns. A remote attacker could use this issue to cause the GNU C
    Library to crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
    LTS. (CVE-2020-10029)
    
    It was discovered that the GNU C Library incorrectly handled certain
    signal trampolines on PowerPC. A remote attacker could use this issue to
    cause the GNU C Library to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2020-1751)
    
    It was discovered that the GNU C Library incorrectly handled tilde
    expansion. A remote attacker could use this issue to cause the GNU C
    Library to crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2020-1752)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 19.10:
      libc6                           2.30-0ubuntu2.2
    
    Ubuntu 18.04 LTS:
      libc6                           2.27-3ubuntu1.2
    
    Ubuntu 16.04 LTS:
      libc6                           2.23-0ubuntu11.2
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      https://usn.ubuntu.com/4416-1
      CVE-2017-12133, CVE-2017-18269, CVE-2018-11236, CVE-2018-11237,
      CVE-2018-19591, CVE-2018-6485, CVE-2019-19126, CVE-2019-9169,
      CVE-2020-10029, CVE-2020-1751, CVE-2020-1752
    
    Package Information:
      https://launchpad.net/ubuntu/+source/glibc/2.30-0ubuntu2.2
      https://launchpad.net/ubuntu/+source/glibc/2.27-3ubuntu1.2
      https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu11.2
    
    
