UbuntuUpdates.org

Package "glibc"

Name: glibc

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GNU C Library: sources
  • GNU C Library: PIC archive library
  • GNU C Library: Name Service Cache Daemon

Latest version: 2.31-0ubuntu9.14
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "glibc" in Focal

Repository Area Version
base universe 2.31-0ubuntu9
base main 2.31-0ubuntu9
security main 2.31-0ubuntu9.14
security universe 2.31-0ubuntu9.14
updates main 2.31-0ubuntu9.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.31-0ubuntu9.14 2023-12-07 18:07:03 UTC

  glibc (2.31-0ubuntu9.14) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
    - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
      the end (getaddrinfo).
    - CVE-2023-4806
  * SECURITY UPDATE: use-after-free in gaih_inet function
    - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
      merge and continue actions.
    - CVE-2023-4813
  * debian/testsuite-xfail-debian.mk: add tst-nss-gai-actions and
    tst-nss-gai-hv2-canonname to xfails (container tests).

 -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300

Source diff to previous version
CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-4813 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. Th

Version: 2.31-0ubuntu9.12 2023-10-02 18:06:53 UTC

  glibc (2.31-0ubuntu9.12) focal; urgency=medium

  * Drop SVE memcpy implementation due to kernel-related performance
    regression

Source diff to previous version

Version: 2.31-0ubuntu9.9 2022-05-11 04:06:22 UTC

  glibc (2.31-0ubuntu9.9) focal; urgency=medium

  * Disable testsuite on riscv64. It is failing maths tests intermittently in
    ways that cannot be a glibc regression and is disabled in later series
    anyway.

Source diff to previous version

Version: 2.31-0ubuntu9.7 2022-03-01 18:06:58 UTC

  glibc (2.31-0ubuntu9.7) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in iconv
    - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
      parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
      iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
      iconv/tst-iconv_prog.sh, intl/dcigettext.c.
    - debian/patches/any/CVE-2016-10228-2.patch: handle translation output
      codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
      iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
    - CVE-2016-10228
  * SECURITY UPDATE: buffer over-read in iconv
    - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
      conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
      iconvdata/ksc5601.h.
    - CVE-2019-25013
  * SECURITY UPDATE: another infinite loop in iconv
    - debian/patches/any/CVE-2020-27618.patch: fix issue in
      iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c.
    - CVE-2020-27618
  * SECURITY UPDATE: DoS via assert in iconv
    - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
      loop bounds in iconv/Makefile, iconv/gconv_simple.c,
      iconv/tst-iconv8.c.
    - CVE-2020-29562
  * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
    - debian/patches/any/CVE-2020-6096-pre1.patch: add
      support_blob_repeat_allocate_shared in support/blob_repeat.c,
      support/blob_repeat.h, support/tst-support_blob_repeat.c.
    - debian/patches/any/CVE-2020-6096-1.patch: add test case in
      string/Makefile, string/tst-memmove-overflow.c.
    - debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in
      string/tst-memmove-overflow.c, sysdeps/arm/Makefile.
    - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
      negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
    - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
      negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
    - debian/patches/any/CVE-2020-6096-5.patch: remove
      string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile.
    - CVE-2020-6096
  * SECURITY UPDATE: double-free in nscd
    - debian/patches/any/CVE-2021-27645.patch: track live allocation better
      in nscd/netgroupcache.c.
    - CVE-2021-27645
  * SECURITY UPDATE: assertion fail in iconv
    - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
      ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
      iconvdata/iso-2022-jp-3.c.
    - CVE-2021-3326
  * SECURITY UPDATE: overflow in wordexp via crafted pattern
    - debian/patches/any/CVE-2021-35942.patch: handle overflow in
      positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
    - CVE-2021-35942
  * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
    - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
      size == 1 in sysdeps/posix/getcwd.c.
    - CVE-2021-3999
  * SECURITY UPDATE: DoS via long svcunix_create path argument
    - debian/patches/any/CVE-2022-23218-pre1.patch: add the
      __sockaddr_un_set function in include/sys/un.h, socket/Makefile,
      socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
    - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
      sunrpc/svc_unix.c.
    - CVE-2022-23218
  * SECURITY UPDATE: DoS via long clnt_create hostname argument
    - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
      sunrpc/clnt_gen.c.
    - CVE-2022-23219
  * debian/rules.d/build.mk: build with --with-default-link=no.
  * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in
    focal-proposed.

 -- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:42:40 -0500

Source diff to previous version
CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSL
CVE-2019-25013 The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding,
CVE-2020-27618 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371
CVE-2020-29562 The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an a
CVE-2020-6096 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
CVE-2021-27645 The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding,
CVE-2021-35942 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called
CVE-2021-3999 Off-by-one buffer overflow/underflow in getcwd()
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on t
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on

Version: 2.31-0ubuntu9.3 2021-04-26 17:06:20 UTC

  glibc (2.31-0ubuntu9.3) focal; urgency=medium

  [ Aurelien Jarno ]
  * debian/patches/any/git-surplus-tls-accounting.diff: backport TLS surplus
    accounting from upstream. (Closes: #964141) (LP: #1914044)

  [ Balint Reczey ]
  * Update debian/patches/ubuntu/local-disable-ld_audit.diff
  * Prevent rare deadlock in pthread_cond_signal (LP: #1899800)
  * Cherry-pick upstream patch to fix building with -moutline-atomics
  * Make libc6 provide libc6-lse on arm64.
    Libc6 is now compiled with -moutline-atomics thus the separate binary
    package is dropped. (LP: #1912652)
  * debian/control: Libc6 should Conflict and Replace libc6-lse

 -- Balint Reczey <email address hidden> Mon, 29 Mar 2021 22:11:32 +0200

1914044 [SRU] gstreamer fails with \
1899800 Runtime deadlock: pthread_cond_signal failed to wake up pthread_cond_wait due to a bug in undoing stealing
964141 libc6: "cannot allocate memory in static TLS block" with some library combinations on arm64



About   -   Send Feedback to @ubuntu_updates