UbuntuUpdates.org

Package "glibc"

Name: glibc

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GNU C Library: sources
  • GNU C Library: PIC archive library
  • GNU C Library: Precompiled locale data
  • GNU C Library: Name Service Cache Daemon

Latest version: 2.27-3ubuntu1.2
Release: bionic (18.04)
Level: security
Repository: universe

Links



Other versions of "glibc" in Bionic

Repository Area Version
base universe 2.27-3ubuntu1
base main 2.27-3ubuntu1
security main 2.27-3ubuntu1.2
updates main 2.27-3ubuntu1.2
updates universe 2.27-3ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.27-3ubuntu1.2 2020-07-06 19:06:50 UTC

  glibc (2.27-3ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in realpath
    - debian/patches/any/CVE-2018-11236.patch: fix path length overflow in
      realpath in stdlib/Makefile, stdlib/canonicalize.c,
      stdlib/test-bz22786.c.
    - CVE-2018-11236
  * SECURITY UPDATE: buffer overflow in __mempcpy_avx512_no_vzeroupper
    - debian/patches/any/CVE-2018-11237-1.patch: don't write beyond
      destination in string/test-mempcpy.c,
      sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S.
    - debian/patches/any/CVE-2018-11237-2.patch: add a test case in
      string/test-memcpy.c.
    - CVE-2018-11237
  * SECURITY UPDATE: if_nametoindex() does not close descriptor
    - debian/patches/any/CVE-2018-19591.patch: fix descriptor for overlong
      name in sysdeps/unix/sysv/linux/if_index.c.
    - CVE-2018-19591
  * SECURITY UPDATE: heap over-read via regular-expression match
    - debian/patches/any/CVE-2019-9169.patch: fix read overrun in
      posix/regexec.c.
    - CVE-2019-9169
  * SECURITY UPDATE: ASLR bypass
    - debian/patches/any/CVE-2019-19126.patch: check __libc_enable_secure
      before honoring LD_PREFER_MAP_32BIT_EXEC in
      sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h.
    - CVE-2019-19126
  * SECURITY UPDATE: out-of-bounds write on PowerPC
    - debian/patches/any/CVE-2020-1751.patch: fix array overflow in
      backtrace on PowerPC in debug/tst-backtrace5.c,
      sysdeps/powerpc/powerpc32/backtrace.c,
      sysdeps/powerpc/powerpc64/backtrace.c.
    - CVE-2020-1751
  * SECURITY UPDATE: use-after-free via tilde expansion
    - debian/patches/any/CVE-2020-1752.patch: fix use-after-free in glob
      when expanding ~user in posix/glob.c.
    - CVE-2020-1752
  * SECURITY UPDATE: stack overflow via 80-bit long double function
    - debian/patches/any/CVE-2020-10029-1.patch: avoid ldbl-96 stack
      corruption from range reduction of pseudo-zero in
      sysdeps/ieee754/ldbl-96/Makefile,
      sysdeps/ieee754/ldbl-96/e_rem_pio2l.c,
      sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c.
    - debian/patches/any/CVE-2020-10029-2.patch: use stack protector only
      if available in sysdeps/ieee754/ldbl-96/Makefile.
    - CVE-2020-10029

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2020 13:25:26 -0400

CVE-2018-11236 stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath functi
CVE-2018-11237 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the targ
CVE-2018-19591 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socke
CVE-2019-9169 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-
CVE-2019-19126 On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during progra
CVE-2020-1751 An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function
CVE-2020-1752 A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths co
CVE-2020-10029 The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double func



About   -   Send Feedback to @ubuntu_updates