drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in eglibc (Aktualisierung)
Name: |
Mehrere Probleme in eglibc (Aktualisierung) |
|
ID: |
USN-2306-3 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Mo, 8. September 2014, 22:46 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043 |
|
Applikationen: |
GNU C library |
|
Update von: |
Mehrere Probleme in eglibc |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0213565728515995966== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2306-3 September 08, 2014
eglibc regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
USN-2306-1 introduced a regression in the GNU C Library.
Software Description: - eglibc: GNU C Library
Details:
USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.17
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2306-3 http://www.ubuntu.com/usn/usn-2306-1 https://launchpad.net/bugs/1364584
Package Information: https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.17
--8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUDZfOAAoJEGVp2FWnRL6T7YgP/3Xjpu11aND5CoxuhXCHMe79 INjESML6S+EXs6ZQxO6nvXBA5T7Wbbl4SXcqQ7yIUdZ2XP4iSOfJFLSTrba+oxgF zLKBiq+F6u3ZXdssbgkoX5QanqEkNc6hQzeTK9sIJDwC9GRMmp2m/JmgSur+eFfP gN+a2jSJt+x+gtmyEpUGoDHqzkM17pitSiuGCGQqUVB0QBACWcJRLtyiwI73Qiy1 ZIILdj4xcBicYUJxydo+zy+vfCXysWiHRE9Dwr0xVL56u86GDGPokehHycIta/Yk 4PwWLSh1hQXuQah8CzjTjM5i2EhbmnZsa+Mb6g5wvpCuB6QjlDuS96BcEDwzZzCZ cwB6PSeB7Hi/MIjMyRTCZnTUtrvd3Lr4n7rI1ZFy/+mo9x20cjx8AEaE78RU1MGp /0S+gAIEXYxRxRVxkHkHDMTCTh4On60KVDU2xjtmtg2FQCRmmUk2IuFh0+/TfQsr /R+VovTu8iPWqyZd1kU3Rfot8ZwghcmFOJGvM/7h1Az/eH6hqsNJ2uY6CYHeeobW cZaMqqH5RKq/u8DJnjqYixQpdqxpgFYZaOEvxgKNcofR2NiuBLF5XvLg4SeL0V2v T0U4zwIBkkl0uhcP3uBmQQZ+OIb4ZzhWNhFf3nBv1ct6vTGAVwPCFOIi8dEgcqdb pjvFH8nYFgH+pv3Tf3rl =iZ9U -----END PGP SIGNATURE-----
--8pVW2MOm8tigJfnLcGi18eMccgV4KD7DT--
--===============0213565728515995966== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0213565728515995966==--
|
|
|
|