UbuntuUpdates.org

Package "eglibc"

Name: eglibc

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Embedded GNU C Library: Documentation
  • Embedded GNU C Library: Binaries
  • Embedded GNU C Library: Development binaries
  • Embedded GNU C Library: Shared libraries

Latest version: 2.15-0ubuntu10.23
Release: precise (12.04)
Level: updates
Repository: main

Other versions of "eglibc" in Precise

Repository Area Version
base universe 2.15-0ubuntu10
base main 2.15-0ubuntu10
security main 2.15-0ubuntu10.23
security universe 2.15-0ubuntu10.23
updates universe 2.15-0ubuntu10.23

Changelog

Version: 2.15-0ubuntu10.23 2021-05-03 15:06:25 UTC

  eglibc (2.15-0ubuntu10.23) precise-security; urgency=medium

  * Removing locale/locales-all from debian/control since in Precise
    it uses langpack-locales and no binary is created in eglibc for locales

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 05 Mar 2020 13:38:43 -0300

Version: 2.15-0ubuntu10.18 2017-03-24 06:06:40 UTC

  eglibc (2.15-0ubuntu10.18) precise-security; urgency=medium

  * REGRESSION UPDATE: IPv6 addresses not being returned from a
    dual-stack ipv4-ipv6 host query.
    - Revert patches/any/CVE-2016-3706.diff (LP: #1674776)

 -- Steve Beattie <email address hidden> Thu, 23 Mar 2017 11:38:25 -0700

1674776 getaddrinfo() don't work correct with ipv4+ipv6 addresses after upgrade libc6 in Ubuntu Precise
CVE-2016-3706 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack

Version: 2.15-0ubuntu10.17 2017-03-22 01:06:55 UTC

  eglibc (2.15-0ubuntu10.17) precise-security; urgency=medium

  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Back out patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

 -- Steve Beattie <email address hidden> Tue, 21 Mar 2017 08:49:32 -0700

CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type

Version: 2.15-0ubuntu10.16 2017-03-21 03:06:47 UTC

  eglibc (2.15-0ubuntu10.16) precise-security; urgency=medium

  * SECURITY UPDATE: multiple overflows in strxfrm()
    - patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
    - CVE-2015-8982
  * SECURITY UPDATE: _IO_wstr_overflow integer overflow
    - patches/any/CVE-2015-8983.diff: Add checks for integer overflow
    - CVE-2015-8983
  * SECURITY UPDATE: buffer overflow (read past end of buffer) in
    internal_fnmatch
    - patches/any/CVE-2015-8984.diff: Remove extra increment when
      skipping over collating symbol inside a bracket expression.
    - CVE-2015-8984
  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: Use out of band signaling for
      internal queries
    - CVE-2015-5180
  * SECURITY UPDATE: stack-based buffer overflow in the glob
    implementation
    - patches/any/CVE-2016-1234.diff: Simplify the interface for the
      GLOB_ALTDIRFUNC callback gl_readdir
    - CVE-2016-1234
  * SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
    - patches/any/CVE-2016-3706.diff: Use a heap allocation instead
    - CVE-2016-3706
  * SECURITY UPDATE: stack exhaustion in clntudp_call
    - patches/any/CVE-2016-4429.diff: Use malloc/free for the error
      payload.
    - CVE-2016-4429
  * SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
    - patches/any/CVE-2016-6323.diff: mark __startcontext as
      .cantunwind
    - CVE-2016-6323

 -- Steve Beattie <email address hidden> Mon, 06 Mar 2017 09:37:30 -0800

CVE-2015-8982 Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial o
CVE-2015-8983 Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ...
CVE-2015-8984 The fnmatch function in the GNU C Library (aka glibc or libc6) before ...
CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type
CVE-2016-1234 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende
CVE-2016-3706 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack
CVE-2016-4429 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus
CVE-2016-6323 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI

Version: 2.15-0ubuntu10.15 2016-05-26 19:06:50 UTC

  eglibc (2.15-0ubuntu10.15) precise-security; urgency=medium

  * REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
    dependency from libm to libc (LP: #1585614)
    - debian/patches/any/CVE-2014-9761-2.diff: keep exporting
      __strto*_nan symbols added to libc.

 -- Steve Beattie <email address hidden> Thu, 26 May 2016 00:08:17 -0700

1585614 libc on 2016-05-25 causes Apache not to restart, libm.so.6: symbol __strtold_nan, version GLIBC_PRIVATE not defined in file libc.so.6 with link time
CVE-2014-9761 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of se


