Package "libc6-dev-i386"

Name:	libc6-dev-i386
Description:	GNU C Library: 32-bit development libraries for AMD64
Latest version:	2.31-0ubuntu9.17
Release:	focal (20.04)
Level:	security
Repository:	main
Head package:	glibc
Homepage:	https://www.gnu.org/software/libc/libc.html

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libc6-dev-i386"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libc6-dev-i386" in Focal

Repository	Area	Version
base	main	2.31-0ubuntu9
updates	main	2.31-0ubuntu9.17

Changelog

Version: 2.31-0ubuntu9.17 2025-02-06 17:06:57 UTC

glibc (2.31-0ubuntu9.17) focal-security; urgency=medium * SECURITY UPDATE: Buffer overflow in the assert function. - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP calculation and include libc-pointer-arith.h in assert/assert.c and sysdeps/posix/libc_fatal.c. - CVE-2025-0395 -- Hlib Korzhynskyy <email address hidden> Wed, 29 Jan 2025 11:11:47 -0330

Source diff to previous version

CVE-2025-0395

When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message stri

Version: 2.31-0ubuntu9.16 2024-05-29 18:08:03 UTC

glibc (2.31-0ubuntu9.16) focal-security; urgency=medium * SECURITY UPDATE: Stack-based buffer overflow - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack- based buffer overflow in netgroup cache. - CVE-2024-33599 * SECURITY UPDATE: Null pointer - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response. - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX. - CVE-2024-33600 * SECURITY UPDATE: Memory corruption - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE- 2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX. - CVE-2024-33601 - CVE-2024-33602 -- Paulo Flabiano Smorigo <email address hidden> Tue, 30 Apr 2024 15:20:18 -0300

Source diff to previous version

CVE-2024-33599	nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600	nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601	nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602	nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

Version: 2.31-0ubuntu9.15 2024-04-18 14:06:52 UTC

glibc (2.31-0ubuntu9.15) focal-security; urgency=medium * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when writing escape sequence in iconvdata/Makefile, iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c. - CVE-2024-2961 -- Marc Deslauriers <email address hidden> Tue, 16 Apr 2024 09:43:50 -0400

Source diff to previous version

CVE-2024-2961

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string

Version: 2.31-0ubuntu9.14 2023-12-07 18:06:59 UTC

glibc (2.31-0ubuntu9.14) focal-security; urgency=medium * SECURITY UPDATE: use-after-free through getcanonname_r plugin call - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at the end (getaddrinfo). - CVE-2023-4806 * SECURITY UPDATE: use-after-free in gaih_inet function - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix merge and continue actions. - CVE-2023-4813 * debian/testsuite-xfail-debian.mk: add tst-nss-gai-actions and tst-nss-gai-hv2-canonname to xfails (container tests). -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300

Source diff to previous version

CVE-2023-4806	A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-4813	A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. Th

Version: 2.31-0ubuntu9.7 2022-03-01 17:07:16 UTC

glibc (2.31-0ubuntu9.7) focal-security; urgency=medium * SECURITY UPDATE: infinite loop in iconv - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c, iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c, iconv/tst-iconv_prog.sh, intl/dcigettext.c. - debian/patches/any/CVE-2016-10228-2.patch: handle translation output codesets with suffixes in iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c, iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c. - CVE-2016-10228 * SECURITY UPDATE: buffer over-read in iconv - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c, iconvdata/ksc5601.h. - CVE-2019-25013 * SECURITY UPDATE: another infinite loop in iconv - debian/patches/any/CVE-2020-27618.patch: fix issue in iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c. - CVE-2020-27618 * SECURITY UPDATE: DoS via assert in iconv - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner loop bounds in iconv/Makefile, iconv/gconv_simple.c, iconv/tst-iconv8.c. - CVE-2020-29562 * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy - debian/patches/any/CVE-2020-6096-pre1.patch: add support_blob_repeat_allocate_shared in support/blob_repeat.c, support/blob_repeat.h, support/tst-support_blob_repeat.c. - debian/patches/any/CVE-2020-6096-1.patch: add test case in string/Makefile, string/tst-memmove-overflow.c. - debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in string/tst-memmove-overflow.c, sysdeps/arm/Makefile. - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S. - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S. - debian/patches/any/CVE-2020-6096-5.patch: remove string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile. - CVE-2020-6096 * SECURITY UPDATE: double-free in nscd - debian/patches/any/CVE-2021-27645.patch: track live allocation better in nscd/netgroupcache.c. - CVE-2021-27645 * SECURITY UPDATE: assertion fail in iconv - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c, iconvdata/iso-2022-jp-3.c. - CVE-2021-3326 * SECURITY UPDATE: overflow in wordexp via crafted pattern - debian/patches/any/CVE-2021-35942.patch: handle overflow in positional parameter number in posix/wordexp-test.c, posix/wordexp.c. - CVE-2021-35942 * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd() - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for size == 1 in sysdeps/posix/getcwd.c. - CVE-2021-3999 * SECURITY UPDATE: DoS via long svcunix_create path argument - debian/patches/any/CVE-2022-23218-pre1.patch: add the __sockaddr_un_set function in include/sys/un.h, socket/Makefile, socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c. - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in sunrpc/svc_unix.c. - CVE-2022-23218 * SECURITY UPDATE: DoS via long clnt_create hostname argument - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in sunrpc/clnt_gen.c. - CVE-2022-23219 * debian/rules.d/build.mk: build with --with-default-link=no. * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in focal-proposed. -- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:42:40 -0500

CVE-2016-10228	The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSL
CVE-2019-25013	The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding,
CVE-2020-27618	The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371
CVE-2020-29562	The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an a
CVE-2020-6096	An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
CVE-2021-27645	The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may
CVE-2021-3326	The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding,
CVE-2021-35942	The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called
CVE-2021-3999	Off-by-one buffer overflow/underflow in getcwd()
CVE-2022-23218	The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on t
CVE-2022-23219	The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on

About - Send Feedback to @ubuntu_updates

Package "libc6-dev-i386"

Links

Download "libc6-dev-i386"

Other versions of "libc6-dev-i386" in Focal

Changelog

Share this page

Bookmarks

Latest updates

security

PPA updates