drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in klibc
Name: |
Mehrere Probleme in klibc |
|
ID: |
USN-5379-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM |
|
Datum: |
Mo, 18. April 2022, 19:01 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31871 |
|
Applikationen: |
Klibc |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3375398088513668484== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------UvQXfRACTW0CnAFK0OLX5b0D"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------UvQXfRACTW0CnAFK0OLX5b0D Content-Type: multipart/mixed; boundary="------------FHiKEwI0OIUL8IytUCh3HQWu"; protected-headers="v1" From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <d0aef806-6276-960b-e4b5-7276c476d009@canonical.com> Subject: [USN-5379-1] klibc vulnerabilities
--------------FHiKEwI0OIUL8IytUCh3HQWu Content-Type: multipart/mixed; boundary="------------MwL1LbIGPoDY0hqMrke07LL0"
--------------MwL1LbIGPoDY0hqMrke07LL0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5379-1 April 18, 2022
klibc vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in klibc.
Software Description: - klibc: small utilities built with klibc for early boot
Details:
It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870)
It was discovered that klibc did not properly handled some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871)
It was discovered that klibc did not properly handled some file sizes values on 32 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872)
It was discovered that klibc did not properly handled some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: klibc-utils 2.0.7-1ubuntu5.1 libklibc 2.0.7-1ubuntu5.1
Ubuntu 18.04 LTS: klibc-utils 2.0.4-9ubuntu2.1 libklibc 2.0.4-9ubuntu2.1
Ubuntu 16.04 ESM: klibc-utils 2.0.4-8ubuntu1.16.04.4+esm1 libklibc 2.0.4-8ubuntu1.16.04.4+esm1
Ubuntu 14.04 ESM: klibc-utils 2.0.3-0ubuntu1.14.04.3+esm2 libklibc 2.0.3-0ubuntu1.14.04.3+esm2
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5379-1 CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873
Package Information: https://launchpad.net/ubuntu/+source/klibc/2.0.7-1ubuntu5.1 https://launchpad.net/ubuntu/+source/klibc/2.0.4-9ubuntu2.1
--------------MwL1LbIGPoDY0hqMrke07LL0 Content-Type: application/pgp-keys; name="OpenPGP_0x196D412138F33F64.asc" Content-Disposition: attachment; filename="OpenPGP_0x196D412138F33F64.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55 KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f 7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP +NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF 63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3 5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3 MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe 1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap /RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK 7/zNmhJ06VU=3D =3DJWgW -----END PGP PUBLIC KEY BLOCK-----
--------------MwL1LbIGPoDY0hqMrke07LL0--
--------------FHiKEwI0OIUL8IytUCh3HQWu--
--------------UvQXfRACTW0CnAFK0OLX5b0D Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmJdbWQFAwAAAAAACgkQGW1BITjzP2RS UAwAhmO4E+Ip1kyW/lrX3XO4CrOZY711Kldtg+dJs7DYtL08HTyIzbMghIzqiOApvaSanjVCJDOX /AunywGwI08ziRpXtmztQnwpJJkLrYGXP7BWa+t/YEnr68u3/ve4k84dttAddsooT+P6FsHf0yL6 K08fv3M6Im9vmYT4U0RYIcl9h+x7c0mNtG/bYQOX8WSh19mjVkHBaHkjyC4uNnoTUg8/Yac2Sg4x GB9LoITVJ9cidYaOtyM+BCvY54S13VjP0vtnlCHBVt9yzq4aqaRQ1Kwn6nQV3S09Cd/0bH5CWB3T UtT+cF0uyiuZMjjCGsstvsdox65GEEVjnsiU+Y1DBP5fXS0eELtHjtj/elXenRkw8UWVhF5+U56F 6WaBGMDck4gaj6gTjQEBeJEdJNcbk0GwjR7Ybz/ialTlQg6gh3XvreaFM4doKqkutidsoLn9ta2N N2TnwB1GTH8Jf3IkcC7rJA/Tisx71qPTofinxPE9lOYU8FcSc/Sv6082ib3t =QwX/ -----END PGP SIGNATURE-----
--------------UvQXfRACTW0CnAFK0OLX5b0D--
--===============3375398088513668484== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3375398088513668484==--
|
|
|
|