drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in eglibc (Aktualisierung)
Name: |
Mehrere Probleme in eglibc (Aktualisierung) |
|
ID: |
USN-2306-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Mi, 6. August 2014, 10:48 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043 |
|
Applikationen: |
GNU C library |
|
Update von: |
Mehrere Probleme in eglibc |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0366596827274911077== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NnRUj36POrUkfebw9iHGulpa8A1plxsrO"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NnRUj36POrUkfebw9iHGulpa8A1plxsrO Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2306-2 August 05, 2014
eglibc regression ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
USN-2306-1 introduced a regression in the GNU C Library.
Software Description: - eglibc: GNU C Library
Details:
USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates.
We apologize for the inconvenience.
Original advisory details:
Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.15
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2306-2 http://www.ubuntu.com/usn/usn-2306-1 https://launchpad.net/bugs/1352504
Package Information: https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.15
--NnRUj36POrUkfebw9iHGulpa8A1plxsrO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJT4RYrAAoJEGVp2FWnRL6TUNQP+wXDd9CqJpWV6RsGThS2hC+m INV6QzZbdxGiOLjHU5PXeWYkV+fVzZZPtsnwhr9CHv2wYAEtuMybSDiJ0En9m3Kc x3HNS1ZhZuKL6UmWE4ODFQylLd9EWaCrY9N650d7wqj86x1/AvVie6U0DJlPjWFc qTQNlpUOg8wTvDmRwX4u9qj2qNNwGZWXu4NVbXvFbkbbvHwUryW3y5f2fowPVFE9 M6DzijesHPhhmKcIt+hwQ2WwgCAMlRrA4CCbG+H8RZYfpoPmDO9ZZV/zAvip5un1 518nxaLJQoNa+swYAjiE3tmnK8jPrcNIn0ppMqFIgDqTm/lJsn09UCyOIhV+4tFB qRQDx55jH0puA608YxETIHY3bGGic9SkipRF5FTYIJGXuKrc0G9A6NwGr1nDVE5F /3ouY/bO6WtkKuBNOszZRMVqFOQOW5MHfGofeZCTdjVW5Pv/YngSCS9FZIMi/j1/ 9vtemfYa4lMh7OiOfQhpows8oZU4Rg/kmvsnx/MqxObn2OSPNRXQbBFXdvsZX/Xx s8SVgh4I7xx2yreb3AUcOe3BE4uo/VQqaRoQUFn+wEmE0PxcFLaLPvS8983hIdce fGpNBGLd/6RoZ7IBMV1Y+5B5rEPIsjsbG37S4yDWU9jYuR92AaAAoGXkDa2WJW6U +ejrsdot1Zm78Et4rbtm =mQmC -----END PGP SIGNATURE-----
--NnRUj36POrUkfebw9iHGulpa8A1plxsrO--
--===============0366596827274911077== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0366596827274911077==--
|
|
|
|