Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in eglibc
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in eglibc
ID: USN-2306-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
Datum: Mo, 4. August 2014, 19:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
Applikationen: eglibc

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0279685828868185721==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="tDrp2OPHWw6fx6KkqJWBRhuuw37RBpHe9"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tDrp2OPHWw6fx6KkqJWBRhuuw37RBpHe9
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2306-1
August 04, 2014

eglibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the GNU C Library.

Software Description:
- eglibc: GNU C Library

Details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)

It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)

Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.1

Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.6

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2306-1
CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.1
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.6
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.14



--tDrp2OPHWw6fx6KkqJWBRhuuw37RBpHe9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJT37P6AAoJEGVp2FWnRL6TAI4P/jmNKZehlzfWoFZJEzjj4RwT
Wc7wfzEl2ivv0N0e5yl8VQnrs3T1115TW2F1SqUTN1onKfnM99c9aXtuF5V8GXpL
DacBUwTmf+JAsITHX+M3cYByj1ZMRLmpyURasuf+U0rB8BbGwN2m8ghWJi9NittZ
Isjx0YaR0ij2XF33hdIl2JdQmxEblg+JVftVpb/s4RhM+Uxk4UNEotRAJrY9Pxl1
RJW11rvlALsEBpyhhUltm2oWLuGMGZHaSQVfVyn1QdWucfUK3X5E91by0l7ZXX9I
3xIA/YBQVN6/1rm2tSaXv5tVNKUtcV8WwuO/lMRmqpLwtEfYAu7zGTWz7N11r1qt
Rus75KMbUhmbQi2/KszPq0NEz6dtoUO4UFGb8UAwkLB4o9SldWeLMiCeHB/TOauA
7hsHy6/ET0i90biWy41EETrxK9LxuESkAHbRa3xNibHCPxZPSzc59Hx2oCG/26qU
pKGu0tkHOycSBEMHrYGJc8t2PDy3/O8DvszhetgBr9ewWJhFtB7/tAn7tZU86MQA
neGwCzfAxPXUCKpePG96t3ShRM+Yu62tZlYmzIFHW4OEKmQHiKKsk8fjbWQENWJ9
ndewRAjMTxliPYhErO0CXsxCJ+Lt6aZZMz4qKiX/ErjP9uyeDRjyiRMrpE31BnV3
qBZB8vdsbVLIohy/cDBG
=Zov3
-----END PGP SIGNATURE-----

--tDrp2OPHWw6fx6KkqJWBRhuuw37RBpHe9--


--===============0279685828868185721==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0279685828868185721==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung