Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 16.04 ESM USN-5768-1: Glibc Denial of Service Risks

ubuntu
Calendar Grey December 8, 2022
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5769-1 highlights vulnerabilities in OpenSSL that may compromise system integrity and lead to potential breaches.
Several security issues were fixed in GNU C Library.

Summary

Several security issues were fixed in GNU C Library.

Software Description:

- glibc: GNU C Library

Details:

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library

iconv feature incorrectly handled certain input sequences. An attacker

could possibly use this issue to cause the GNU C Library to hang or crash,

resulting in a denial of service. (CVE-2016-10228, CVE-2019-25013,

CVE-2020-27618)

It was discovered that the GNU C Library did not properly handled DNS

responses when ENDS0 is enabled. An attacker could possibly use this issue

to cause fragmentation-based attacks. (CVE-2017-12132)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libc6                           2.23-0ubuntu11.3+esm3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5768-1

CVE-2016-10228, CVE-2017-12132, CVE-2019-25013, CVE-2020-27618

Severity
critical
Lowest
Low
Medium
High
Critical

December 08, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.