============================================================================ Ubuntu Security Notice USN-2519-1 February 26, 2015 eglibc, glibc vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in the GNU C Library. Software Description: - glibc: GNU C Library - eglibc: GNU C Library Details: Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file descriptors when resolving DNS queries under high load. This may cause a denial of service in other applications, or an information leak. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7423) It was discovered that the GNU C Library incorrectly handled receiving a positive answer while processing the network name when performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to hang, resulting in a denial of service. (CVE-2014-9402) Joseph Myers discovered that the GNU C Library wscanf function incorrectly handled memory. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libc6 2.19-10ubuntu2.3 Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.6 Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.11 Ubuntu 10.04 LTS: libc6 2.11.1-0ubuntu7.21 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2519-1 CVE-2013-7423, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473 Package Information: https://launchpad.net/ubuntu/+source/glibc/2.19-10ubuntu2.3 https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.6 https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.11 https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.21