UbuntuUpdates.org

Package "libc6-prof"

Name: libc6-prof

Description:

GNU C Library: Shared Libraries

Latest version: 2.35-0ubuntu3.6
Release: jammy (22.04)
Level: updates
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Links


Download "libc6-prof"


Other versions of "libc6-prof" in Jammy

Repository Area Version
base main 2.35-0ubuntu3
security main 2.35-0ubuntu3.6

Changelog

Version: 2.35-0ubuntu3.6 2024-01-10 16:09:45 UTC

  glibc (2.35-0ubuntu3.6) jammy-security; urgency=medium

  * SECURITY REGRESSION: incorrect processing of address family with nscd
    (LP: #2047155)
    - debian/patches/lp2047155/lp2047155-refactor-bits-for-readability.patch:
      split out line processing for 'label', 'precedence' and 'scopev4' into
      separate functions (gaiconf_inet).
    - debian/patches/lp2047155/lp2047155-avoid-if-to-else-jump.patch: clean up
      another antipattern where code flows from an if condition to its else
      counterpart with a goto (gai_init).
    - debian/patches/lp2047155/lp2047155-refactor-code-for-readability.patch:
      refactor the code and make it easier to follow by removing the confusing
      close_retry goto jump (getaddrinfo).
    - debian/patches/lp2047155/
      lp2047155-get-nscd-addresses-fix-subscript-typos.patch: fix the
      subscript on air->family, which was accidentally set to 'count' when it
      should have remained as 'i' (get_nscd_addresses).
    - CVE-2023-4806

 -- Camila Camargo de Matos <email address hidden> Tue, 02 Jan 2024 10:22:42 -0300

Source diff to previous version
2047155 \
CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio

Version: 2.35-0ubuntu3.5 2023-12-07 18:07:05 UTC

  glibc (2.35-0ubuntu3.5) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
    - debian/patches/any/CVE-2023-4806-pre1.patch: sort tests and
      tests-container and put one test per line (nss).
    - debian/patches/any/CVE-2023-4806-pre2.patch: simplify canon name
      resolution (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre3.patch: fix leak with AI_ALL
      (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre4.patch: simplify service resolution
      (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre5.patch: make numeric lookup a
      separate routine (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre6.patch: split simple gethostbyname
      into its own function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre7.patch: split nscd lookup code into
      its own function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre8.patch: separate nss lookup loop
      into its own function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre9.patch: make gethosts into a
      function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre10.patch: split loopback lookup into
      its own function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre11.patch: split result generation
      into its own function (gaih_inet).
    - debian/patches/any/CVE-2023-4806-pre12.patch: return EAI_MEMORY on
      allocation failure (gethosts).
    - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
      the end (getaddrinfo).
    - CVE-2023-4806
  * SECURITY UPDATE: use-after-free in gaih_inet function
    - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
      merge and continue actions.
    - CVE-2023-4813
  * SECURITY UPDATE: memory leak in getaddrinfo
    - debian/patches/any/CVE-2023-5156.patch: fix leak in getaddrinfo
      introduced by the fix for CVE-2023-4806.
    - CVE-2023-5156

 -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:18:45 -0300

Source diff to previous version
CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-4813 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. Th
CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application

Version: 2.35-0ubuntu3.4 2023-10-03 20:11:57 UTC

  glibc (2.35-0ubuntu3.4) jammy-security; urgency=medium

  * SECURITY UPDATE: privilege escalation in ld.so
    - debian/patches/any/CVE-2023-4911.patch: terminate immediately if end
      of input is reached in elf/dl-tunables.c.
    - CVE-2023-4911

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2023 10:45:50 -0400

Source diff to previous version
CVE-2023-4911 A buffer overflow was discovered in the GNU C Library's dynamic loader ...

Version: 2.35-0ubuntu3.3 2023-09-12 19:08:07 UTC

  glibc (2.35-0ubuntu3.3) jammy; urgency=medium

  * Drop SVE patches due to kernal-related performance regression
  * Fix the armhf stripping exception for ld.so (LP: #1927192)

Source diff to previous version

Version: 2.35-0ubuntu3.1 2022-07-28 15:07:47 UTC

  glibc (2.35-0ubuntu3.1) jammy; urgency=medium

  * debian/maint: add a script to manage backports of patches from upstream
    maintenance branch.
  * Cherry-pick patches from upstream maintenance branch:
    - 0001-S390-Add-new-s390-platform-z16.patch (LP: #1971612)
    - 0002-powerpc-Fix-VSX-register-number-on-__strncpy_power9-.patch (LP: #1978130)

 -- Michael Hudson-Doyle <email address hidden> Thu, 07 Jul 2022 11:23:23 +1200

1971612 [UBUNTU 22.04] GLIBC: Adding new s390 platform IBM z16
1978130 Ubuntu22.04: glibc: __strncpy_power9() uses uninitialised register vs18 value for filling after \\0



About   -   Send Feedback to @ubuntu_updates