UbuntuUpdates.org

Package "multiarch-support"

Name: multiarch-support

Description:

Transitional package to ensure multiarch compatibility

Latest version: 2.27-3ubuntu1.6
Release: bionic (18.04)
Level: updates
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Links


Download "multiarch-support"


Other versions of "multiarch-support" in Bionic

Repository Area Version
base main 2.27-3ubuntu1
security main 2.27-3ubuntu1.5

Changelog

Version: 2.27-3ubuntu1.6 2022-05-24 23:06:21 UTC

  glibc (2.27-3ubuntu1.6) bionic; urgency=medium

  [ Gunnar Hjalmarsson ]
  * d/local/usr_sbin/update-locale: improve sanity checks. (LP: #1892825)

  [ Aurelien Jarno ]
  * debian/debhelper.in/libc.preinst: drop the check for kernel release
    > 255 now that glibc and preinstall script are fixed. (LP: #1962225)

 -- Michael Hudson-Doyle <email address hidden> Tue, 03 May 2022 22:19:39 +1200

Source diff to previous version
1962225 preinst check that kernel revision \u003c 255 now does more harm than good

Version: 2.27-3ubuntu1.5 2022-03-01 18:06:52 UTC

  glibc (2.27-3ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: infinite loop in iconv
    - debian/patches/any/CVE-2016-10228-pre1.patch: add xsetlocale function
      in support/Makefile, support/support.h, support/xsetlocale.c.
    - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
      parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
      iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
      iconv/tst-iconv_prog.sh, intl/dcigettext.c.
    - debian/patches/any/CVE-2016-10228-2.patch: handle translation output
      codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
      iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
    - CVE-2016-10228
  * SECURITY UPDATE: buffer over-read in iconv
    - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
      conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
      iconvdata/ksc5601.h.
    - CVE-2019-25013
  * SECURITY UPDATE: another infinite loop in iconv
    - debian/patches/any/CVE-2020-27618.patch: fix issue in
      iconvdata/ibm1364.c.
    - CVE-2020-27618
  * SECURITY UPDATE: DoS via assert in iconv
    - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
      loop bounds in iconv/Makefile, iconv/gconv_simple.c,
      iconv/tst-iconv8.c.
    - CVE-2020-29562
  * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
    - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
      negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
    - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
      negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
    - CVE-2020-6096
  * SECURITY UPDATE: assertion fail in iconv
    - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
      ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
      iconvdata/iso-2022-jp-3.c.
    - CVE-2021-3326
  * SECURITY UPDATE: overflow in wordexp via crafted pattern
    - debian/patches/any/CVE-2021-35942.patch: handle overflow in
      positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
    - CVE-2021-35942
  * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
    - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
      size == 1 in sysdeps/posix/getcwd.c.
    - CVE-2021-3999
  * SECURITY UPDATE: DoS via long svcunix_create path argument
    - debian/patches/any/CVE-2022-23218-pre1.patch: add the
      __sockaddr_un_set function in include/sys/un.h, socket/Makefile,
      socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
    - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
      sunrpc/svc_unix.c.
    - CVE-2022-23218
  * SECURITY UPDATE: DoS via long clnt_create hostname argument
    - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
      sunrpc/clnt_gen.c.
    - CVE-2022-23219
  * debian/patches/any/fix_test-errno-linux.patch: Handle EINVAL from
    quotactl in newer kernels in
    sysdeps/unix/sysv/linux/test-errno-linux.c.

 -- Marc Deslauriers <email address hidden> Mon, 24 Jan 2022 07:53:44 -0500

Source diff to previous version
CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSL
CVE-2019-25013 The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding,
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371
CVE-2020-29562 The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an a
CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding,
CVE-2021-35942 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called
CVE-2021-3999 Off-by-one buffer overflow/underflow in getcwd()
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on t
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on

Version: 2.27-3ubuntu1.4 2020-12-16 16:08:28 UTC

  glibc (2.27-3ubuntu1.4) bionic; urgency=medium

  [ Balint Reczey ]
  * tests: XFAIL new tst-support_descriptors on armel, too.
    The armhf build builds for armel, too, thus this fixes the armhf autopkgtest.
    (LP: #1895920)

  [ Adam Conrad ]
  * debian/patches/arm/unsubmitted-ldso-abi-check.diff: Fix rtld segv in dl_open()
    introduced via merge with upstream at 2.28 and when backporting upstream's
    2.27/master changes. (LP: #1821677)

 -- Balint Reczey <email address hidden> Mon, 07 Dec 2020 17:38:09 +0100

Source diff to previous version
1895920 glibc 2.27-3ubuntu1.3 ADT test failure with linux Bionic armhf
1821677 dl_open segment fault in ubuntu18.10 glibc2.28

Version: 2.27-3ubuntu1.3 2020-11-02 20:06:38 UTC

  glibc (2.27-3ubuntu1.3) bionic; urgency=medium

  [ Balint Reczey ]
  * debian/gbp.conf: Add initial configuration
  * debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository
  * arm64: Enable searching shared libraries in atomics/ on LSE HW
  * Ship arm64 variant with LSE support in libc6-lse (LP: #1885012)
  * Run tests of libc6-lse on HW supporting LSE
  * debian/patches/git-updates.diff: update from upstream stable branch
    - pthread_cond_broadcast: Fix waiters-after-spinning case
    - Fix SSe2-based memmove corrupting memory (CVE-2017-18269)
    - Fix strstr() performance regression on Haswell processors
    - Support Japanese new era "令和 (Reiwa)"
    - io: Remove copy_file_range emulation
    (LP: #1851263, #1858203, #1838327, #1797335, #1756209, #1853193)
  * XFAIL stdlib/tst-getrandom (LP: #1891403)
  * debian/testsuite-xfail-debian.mk: XFAIL new tst-support_descriptors

  [ Thadeu Lima de Souza Cascardo ]
  * tests: Make preadwritev2 invalid flags tests unsupported (LP: #1770480)

  [ Andreas Hasenack ]
  * branch-pthread_rwlock_trywrlock-hang-23844.patch:
    nptl: Fix pthread_rwlock_try*lock stalls (Bug 23844) (LP: #1864864)

 -- Balint Reczey <email address hidden> Wed, 02 Sep 2020 11:18:37 +0200

Source diff to previous version
1885012 Provide libc6-lse binary package optimized for Large System Extensions (LSE)
1851263 Ubuntu 18.04.3 LTS bump Glibc 2.27 to the latest stable
1891403 glibc tst-getrandom test needs more entropy causing test failures
1770480 preadv2 test does not consider new flag from linux 4.16
1864864 [SRU] pthread_rwlock_trywrlock results in hang
CVE-2017-18269 An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.

Version: 2.27-3ubuntu1.2 2020-07-06 20:06:29 UTC

  glibc (2.27-3ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in realpath
    - debian/patches/any/CVE-2018-11236.patch: fix path length overflow in
      realpath in stdlib/Makefile, stdlib/canonicalize.c,
      stdlib/test-bz22786.c.
    - CVE-2018-11236
  * SECURITY UPDATE: buffer overflow in __mempcpy_avx512_no_vzeroupper
    - debian/patches/any/CVE-2018-11237-1.patch: don't write beyond
      destination in string/test-mempcpy.c,
      sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S.
    - debian/patches/any/CVE-2018-11237-2.patch: add a test case in
      string/test-memcpy.c.
    - CVE-2018-11237
  * SECURITY UPDATE: if_nametoindex() does not close descriptor
    - debian/patches/any/CVE-2018-19591.patch: fix descriptor for overlong
      name in sysdeps/unix/sysv/linux/if_index.c.
    - CVE-2018-19591
  * SECURITY UPDATE: heap over-read via regular-expression match
    - debian/patches/any/CVE-2019-9169.patch: fix read overrun in
      posix/regexec.c.
    - CVE-2019-9169
  * SECURITY UPDATE: ASLR bypass
    - debian/patches/any/CVE-2019-19126.patch: check __libc_enable_secure
      before honoring LD_PREFER_MAP_32BIT_EXEC in
      sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h.
    - CVE-2019-19126
  * SECURITY UPDATE: out-of-bounds write on PowerPC
    - debian/patches/any/CVE-2020-1751.patch: fix array overflow in
      backtrace on PowerPC in debug/tst-backtrace5.c,
      sysdeps/powerpc/powerpc32/backtrace.c,
      sysdeps/powerpc/powerpc64/backtrace.c.
    - CVE-2020-1751
  * SECURITY UPDATE: use-after-free via tilde expansion
    - debian/patches/any/CVE-2020-1752.patch: fix use-after-free in glob
      when expanding ~user in posix/glob.c.
    - CVE-2020-1752
  * SECURITY UPDATE: stack overflow via 80-bit long double function
    - debian/patches/any/CVE-2020-10029-1.patch: avoid ldbl-96 stack
      corruption from range reduction of pseudo-zero in
      sysdeps/ieee754/ldbl-96/Makefile,
      sysdeps/ieee754/ldbl-96/e_rem_pio2l.c,
      sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c.
    - debian/patches/any/CVE-2020-10029-2.patch: use stack protector only
      if available in sysdeps/ieee754/ldbl-96/Makefile.
    - CVE-2020-10029

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2020 13:25:26 -0400

CVE-2018-11236 stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath functi
CVE-2018-11237 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the targ
CVE-2018-19591 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socke
CVE-2019-9169 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-
CVE-2019-19126 On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during progra
CVE-2020-1751 An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function
CVE-2020-1752 A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths co
CVE-2020-10029 The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double func



About   -   Send Feedback to @ubuntu_updates