drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GNU C library (Aktualisierung)
Name: |
Mehrere Probleme in GNU C library (Aktualisierung) |
|
ID: |
USN-3239-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS |
|
Datum: |
Fr, 24. März 2017, 07:02 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234 |
|
Applikationen: |
GNU C library |
|
Update von: |
Mehrere Probleme in GNU C library |
|
Originalnachricht |
--===============8850196809149537117== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="3eH4Qcq5fItR5cpy" Content-Disposition: inline
--3eH4Qcq5fItR5cpy Content-Type: text/plain; charset=us-ascii Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3239-3 March 24, 2017
eglibc regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
USN-3239-1 introduced a regression in the GNU C Library.
Software Description: - eglibc: GNU C Library
Details:
USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error.
Original advisory details:
It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.18
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3239-3 http://www.ubuntu.com/usn/usn-3239-1 https://bugs.launchpad.net/bugs/1674776
Package Information: https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.18
--3eH4Qcq5fItR5cpy Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJY1KqCAAoJEC8Jno0AXoH0NOUP/2y4ymWl8MR5Ql21Dei9Edta vxFpri2GhVWTrEn4BivZ1NOQrWm6VzhA/PwDeK7ls53kk0A5Z9VkCP5xXvAJrT4/ JQIn0JfnI4GR4loGDfZr7QOgk59amNDxxdRw+TDZMyDA0wLpF4rxkbVmZVmOAMwt t2wog27PaQxlfcU68SPiL3N1I5QkIIJ4tE0FXyzDMo4xpchVYvP3Cadn3jTvAbZg PuyzHbGiF4ccPctDwudx9//j510sD5KjxievxLee0GqVOSUDTH6bJ5YUbtnazT8W cgJ1xFIslD469jpkdZx2hebUIoWHpl1Qm9QdM+MAANqLShE1XnVSFplqda6I08wB +cBvfoDhCrPQCxVJONrmH80h9WIRGCagb7faRMnnEP/wvZIA4CyHNmBrU+5R0Kem lBJa3FdDiwHb4e1fxNyaQJ1V6LE8vvMCyjvHNitXG27D3bQlBMGluZ+Nzws0v+dr 8AEmOr2yLbXHvVKgva5l+675G04rdqB/xigLua3IkAF1AFY4Rjs2Q8CIDqatVPLd cdOvpTLzJSxJHw8m8z6k3vqp7A1uMZP9cKXxzkJ3BaFEJ8UjuH+8Eycnq++gkARS llf+IVqhMay6cAOE0acVVtwGWwp8ed43q4agYHtH/mygHf/Tp+CbTmAa90IdDVbM zrkMpaVuHn25SKlY9WGW =XNw1 -----END PGP SIGNATURE-----
--3eH4Qcq5fItR5cpy--
--===============8850196809149537117== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8850196809149537117==--
|
|
|
|