drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GNU C library
Name: |
Mehrere Probleme in GNU C library |
|
ID: |
USN-3239-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Di, 21. März 2017, 09:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
--===============8976594829342038038== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="KIzF6Cje4W/osXrF" Content-Disposition: inline
--KIzF6Cje4W/osXrF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3239-1 March 21, 2017
eglibc, glibc vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the GNU C Library.
Software Description: - glibc: GNU C Library - eglibc: GNU C Library
Details:
It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)
It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)
It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)
Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234)
Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180)
Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706)
Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429)
Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417)
Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libc6 2.23-0ubuntu6
Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.10
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.16
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3239-1 CVE-2015-5180, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984, CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417, CVE-2016-6323
Package Information: https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu6 https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.10 https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.16
--KIzF6Cje4W/osXrF Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJY0JezAAoJEC8Jno0AXoH08cQQAK6PmHx0dtCx4c+KAqCls6cC ZcLmVN37XszJTH7esDglK7hjNWOIT1ZtG6emLACnBIoTo9aR1lTLh7wpd03L5YoN IdXM9QXIagltiyc8W4M93bfxjbYvPXF6/oSc3v9VUyD/jyfI7KFGVNn+jCWfFkIB UL+i3mwFdqS0oOHrmHNjGNrpCOTnLRr+R/S5v+KfeSuT0TYGzFz4IBoDeF5rWDRk Li0S7nw0eHmcAGB9tjXAMwks8MSa3vI2wCenmHSWvEy93aWHwZrYQ0CzqFqE3FSz kG2n5/IvQBSxGPGP3aGEkcwfOOLi5JcIFpTTLAAMF8XpRW74eNgm3wWdde5VJXAv 3YN0LDOElLkRJdQlUUYSjKbL3tJjAbwjLCsWn4MjPlBRaURjgae7I7X6kXtjDH7c u2AIVn74v6A9u5vF/HoBAkp8ZdRab07AEUdOxO0wf9S10O0pjlbX1X6Ls6R4ocCb BUH3tuUYtMKz9/q+fhcGzLvjbwtCBxEN8/OU4NfoRzFOsiEQv8HD+if1fXZoIOzK 6xMXsMx/9dY+gGxOOzCzCxfVTWrWwuIkMEiRn9I+BXGzX0sARyKFDVZVzdDktD8D mVTwMIj87WTIrQrG5JJipc3EfBDe5aBKXrEHaiay8zuX/vhs0QY6NNpYN09egf0h WG4ssBjhqojwwiI1hYa0 =smae -----END PGP SIGNATURE-----
--KIzF6Cje4W/osXrF--
--===============8976594829342038038== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8976594829342038038==--
|
|
|
|