drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GNU C library (Aktualisierung)
Name: |
Mehrere Probleme in GNU C library (Aktualisierung) |
|
ID: |
USN-3239-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Mi, 22. März 2017, 07:17 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8982 |
|
Applikationen: |
GNU C library |
|
Update von: |
Mehrere Probleme in GNU C library |
|
Originalnachricht |
--===============3572575878598254950== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MGu/vTNewDGZ7tmp" Content-Disposition: inline
--MGu/vTNewDGZ7tmp Content-Type: text/plain; charset=us-ascii Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3239-2 March 21, 2017
eglibc, glibc regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
USN-3239-1 introduced a regression in the GNU C Library.
Software Description: - glibc: GNU C Library - eglibc: GNU C Library
Details:
USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience.
Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again.
Original advisory details:
It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libc6 2.23-0ubuntu7
Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.11
Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.17
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3239-2 http://www.ubuntu.com/usn/usn-3239-1 https://bugs.launchpad.net/bugs/1674532
Package Information: https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu7 https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.11 https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.17
--MGu/vTNewDGZ7tmp Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJY0cB2AAoJEC8Jno0AXoH0UfEP/jG2RjW/KVSaMzU9SIPlHlcu xsZvweFAXXGW/9Pqzug/d6YdeKI6QxNG+nxrMnCyk2EpFS9iYWZPiWsOnrzMFhcl EHrh8KnREvS75izN69gzTUeWGJPDvca1jCx0oAbIMlY9lTIf1Vqq6OrzHJLF8ija KuMiljUcFqXy1F+KtMQZ/o7GW5t/0W5MaEi+8SCqHyX/iOUuKvs4CZxCmi43uXDO Y1dZ/r2MKp86Z1IV8GCM6j5M8ULnWv5s1rGS2DqXQndCdsOF5WitionuGGYhoyuL +n+MlKm801+6nNf0pehAXzjOKPBiSzt5iSqZY6NfmdMs7h8Pw7SK0rWiv+q47YEB LW7gclxrybYuSyRXQ3Uyrr+jZCE2WsX5LlHXmi+HXvT82HyfsupbQXg3E+J3kkB5 cWFo+xM51jSp7hhL0Y48j4FGQDmUMKukhtz4ud+OV+pLvqnIJM1A5YejB3/0h4Tl hGsDQZkG9aMjPCtnXOnctyHHdHkozYbEYXJzZ5F7UA65/vMB22UjivbsPpu9VIBS KkIuFG+7U9gcx1TiQA8YD7XV1/3GZwZTgERuL+lRUE+CO+SoJm7JmeMgE3MUzYRE eDl7Gy7iquTT2equuK4kM9ZOdQ7OfIQVfooL4zHbu5cNNES3fW5edwCdrcc9EDAE FJiD0YiynSEyz6kX1DxO =dO88 -----END PGP SIGNATURE-----
--MGu/vTNewDGZ7tmp--
--===============3572575878598254950== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3572575878598254950==--
|
|
|
|