
Security: Multiple issues in klibc
Name: Multiple issues in klibc
ID: USN-5379-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM
Date: Mon, April 18, 2022, 19:01
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31871
Applications: Klibc

Original message

From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <d0aef806-6276-960b-e4b5-7276c476d009@canonical.com>
Subject: [USN-5379-1] klibc vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5379-1
April 18, 2022

klibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in klibc.

Software Description:
- klibc: small utilities built with klibc for early boot

Details:

It was discovered that klibc did not properly perform
some mathematical operations, leading to an integer overflow.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-31870)

It was discovered that klibc did not properly handle some
memory allocations on 64-bit systems. An attacker could
possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2021-31871)

It was discovered that klibc did not properly handle some file
size values on 32-bit systems. An attacker could possibly use
this issue to cause a crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2021-31872)

It was discovered that klibc did not properly handle some
memory allocations. An attacker could possibly use this issue
to cause a crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-31873)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  klibc-utils                     2.0.7-1ubuntu5.1
  libklibc                        2.0.7-1ubuntu5.1

Ubuntu 18.04 LTS:
  klibc-utils                     2.0.4-9ubuntu2.1
  libklibc                        2.0.4-9ubuntu2.1

Ubuntu 16.04 ESM:
  klibc-utils                     2.0.4-8ubuntu1.16.04.4+esm1
  libklibc                        2.0.4-8ubuntu1.16.04.4+esm1

Ubuntu 14.04 ESM:
  klibc-utils                     2.0.3-0ubuntu1.14.04.3+esm2
  libklibc                        2.0.3-0ubuntu1.14.04.3+esm2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5379-1
  CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873

Package Information:
  https://launchpad.net/ubuntu/+source/klibc/2.0.7-1ubuntu5.1
  https://launchpad.net/ubuntu/+source/klibc/2.0.4-9ubuntu2.1
