Ubuntu Security Notice USN-2306-1

Ubuntu Security Notice USN-2306-1: Posted Aug 4, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2306-1 - Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043; SHA-256 | d3ab72f234d3127e89f898188c884fa871546397dcd29ae63cfb9595750ab3ac; Download | Favorite | View

Ubuntu Security Notice USN-2306-1

============================================================================
Ubuntu Security Notice USN-2306-1
August 04, 2014

eglibc vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the GNU C Library.

Software Description:
- eglibc: GNU C Library

Details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)

It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)

Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libc6                           2.19-0ubuntu6.1

Ubuntu 12.04 LTS:
  libc6                           2.15-0ubuntu10.6

Ubuntu 10.04 LTS:
  libc6                           2.11.1-0ubuntu7.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2306-1
  CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043

Package Information:
  https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.1
  https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.6
  https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.14

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Ubuntu Security Notice USN-2306-1

Ubuntu Security Notice USN-2306-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2306-1

Share This

Ubuntu Security Notice USN-2306-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems