Sicherheit: Mehrere Probleme in eglibc (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0213565728515995966==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2306-3
September 08, 2014

eglibc regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

USN-2306-1 introduced a regression in the GNU C Library.

Software Description:
- eglibc: GNU C Library

Details:

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS,
the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)
It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)
Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)
David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.17

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2306-3
http://www.ubuntu.com/usn/usn-2306-1
https://launchpad.net/bugs/1364584

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.17

--8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUDZfOAAoJEGVp2FWnRL6T7YgP/3Xjpu11aND5CoxuhXCHMe79
INjESML6S+EXs6ZQxO6nvXBA5T7Wbbl4SXcqQ7yIUdZ2XP4iSOfJFLSTrba+oxgF
zLKBiq+F6u3ZXdssbgkoX5QanqEkNc6hQzeTK9sIJDwC9GRMmp2m/JmgSur+eFfP
gN+a2jSJt+x+gtmyEpUGoDHqzkM17pitSiuGCGQqUVB0QBACWcJRLtyiwI73Qiy1
ZIILdj4xcBicYUJxydo+zy+vfCXysWiHRE9Dwr0xVL56u86GDGPokehHycIta/Yk
4PwWLSh1hQXuQah8CzjTjM5i2EhbmnZsa+Mb6g5wvpCuB6QjlDuS96BcEDwzZzCZ
cwB6PSeB7Hi/MIjMyRTCZnTUtrvd3Lr4n7rI1ZFy/+mo9x20cjx8AEaE78RU1MGp
/0S+gAIEXYxRxRVxkHkHDMTCTh4On60KVDU2xjtmtg2FQCRmmUk2IuFh0+/TfQsr
/R+VovTu8iPWqyZd1kU3Rfot8ZwghcmFOJGvM/7h1Az/eH6hqsNJ2uY6CYHeeobW
cZaMqqH5RKq/u8DJnjqYixQpdqxpgFYZaOEvxgKNcofR2NiuBLF5XvLg4SeL0V2v
T0U4zwIBkkl0uhcP3uBmQQZ+OIb4ZzhWNhFf3nBv1ct6vTGAVwPCFOIi8dEgcqdb
pjvFH8nYFgH+pv3Tf3rl
=iZ9U
-----END PGP SIGNATURE-----

--8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT--

--===============0213565728515995966==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0213565728515995966==--