UbuntuUpdates.org

Package "locales"

Name: locales

Description: GNU C Library: National Language (locale) data [support]

Latest version: 2.37-0ubuntu2.2
Release: lunar (23.04)
Level: security
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Other versions of "locales" in Lunar

Repository Area Version
base main 2.37-0ubuntu2
updates main 2.37-0ubuntu2.2

Changelog

Version: 2.37-0ubuntu2.2 2023-12-07 18:07:08 UTC

  glibc (2.37-0ubuntu2.2) lunar-security; urgency=medium

  * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
    - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
      the end (getaddrinfo).
    - CVE-2023-4806
  * SECURITY UPDATE: memory leak in getaddrinfo
    - debian/patches/any/CVE-2023-5156.patch: fix leak in getaddrinfo
      introduced by the fix for CVE-2023-4806.
    - CVE-2023-5156

 -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:31:12 -0300

CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application

Version: 2.37-0ubuntu2.1 2023-10-03 20:12:00 UTC

  glibc (2.37-0ubuntu2.1) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS and info disclosure via no-aaaa
    - debian/patches/any/CVE-2023-4527.patch: pass alt_dns_packet_buffer in
      resolv/nss_dns/dns-host.c, add test to resolv/Makefile,
      resolv/tst-resolv-noaaaa-vc.c.
    - CVE-2023-4527
  * SECURITY UPDATE: privilege escalation in ld.so
    - debian/patches/any/CVE-2023-4911.patch: terminate immediately if end
      of input is reached in elf/dl-tunables.c.
    - CVE-2023-4911

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2023 08:20:52 -0400

CVE-2023-4527 A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode v
CVE-2023-4911 A buffer overflow was discovered in the GNU C Library's dynamic loader ...


