Sicherheit: Ausführen beliebiger Kommandos in GNU C Library (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1286934430593310708==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------X8pJ50R1GCL095wSCdbo9oPK"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------X8pJ50R1GCL095wSCdbo9oPK
Content-Type: multipart/mixed;
boundary="------------g2k3zCCeYqGLoj3EknKqFcsT";
protected-headers="v1"
From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <876c5ba5-ed1e-4410-889d-4d40e7dca6b0@canonical.com>
Subject: [USN-7259-2] GNU C Library vulnerability

--------------g2k3zCCeYqGLoj3EknKqFcsT
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7259-2
February 10, 2025

glibc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it received
specially crafted input.

Software Description:
- glibc: GNU C Library

Details:

USN-7259-1 fixed a vulnerability in GNU C Library. This update provides the
corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that GNU C Library incorrectly handled memory when using
the assert function. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
libc6 2.23-0ubuntu11.3+esm8
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7259-2
https://ubuntu.com/security/notices/USN-7259-1
CVE-2025-0395

--------------g2k3zCCeYqGLoj3EknKqFcsT--

--------------X8pJ50R1GCL095wSCdbo9oPK
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmeqI04FAwAAAAAACgkQyfW2m9Ldu6uR
Tg//fW65Eh9nlFDh296jM79dF8OJKG1u/29bmd8UuMER6/R7bXUz1iG4IVqPbIhbhsg3oUDmo2Sr
LnqXCxfqkd/JxbE+4TXVtvIaePma6yrkDcGd4JuycWDqbrUpVU+zL6vrPSpCSjh3l7iKaIICE88C
YLuOJNsgE+BtlLZ44rhwwsBPI7nJNgjOW5IugpRNLC5sU/MQWyhIC+PEPMnOL8mYQf8aAXOiDlgE
vhxfDolvv3P+liYOwWj5vvb00NwpZhfkhxFDxRMngtU7+iP9+wxpLbtjB84LGvH735J+iBvnMO/K
0enR8ziCO84q/DvpHh/QrEWMoJQHemL6WRA473Xzf1lZx+KQC9TCf6WKZifrtHhRWbOxmHWapSPk
ZTN+GewUktPeESoU7TqkdVQ6o2j7KZVv4TFFE5z9lFvk2Rw72wVQTpYUWUfy7j+MLfu+n+m2Reap
NA8vETdVXu0t9CbpR8idsM7VPiGr2E2Pan8YcYOyVAOwfxgeujyKWD3kE3cUw6CRVI5XZIB4/Jyb
qM/GsedsDYwiNWSndExFS6YGwJURbJkBGaE6To7bcjGPfiUNFi3XraSOQfGZyyEP6vvdGYLisxZH
52gGzm6IuEgNF6mabPiGjR47yMs0irvanRfy90DZrdpgv5gEixDSROiEEuyLSrbnTsDEC4pQY2HV
tD4=
=QDek
-----END PGP SIGNATURE-----

--------------X8pJ50R1GCL095wSCdbo9oPK--

--===============1286934430593310708==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1286934430593310708==--