Package "locales"

Name: locales


GNU C Library: National Language (locale) data [support]

Latest version: 2.37-0ubuntu2.2
Release: lunar (23.04)
Level: updates
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html


Download "locales"

Other versions of "locales" in Lunar

Repository Area Version
base main 2.37-0ubuntu2
security main 2.37-0ubuntu2.2


Version: 2.37-0ubuntu2.2 2023-12-07 18:07:09 UTC

  glibc (2.37-0ubuntu2.2) lunar-security; urgency=medium

  * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
    - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
      the end (getaddrinfo).
    - CVE-2023-4806
  * SECURITY UPDATE: memory leak in getaddrinfo
    - debian/patches/any/CVE-2023-5156.patch: fix leak in getaddrinfo
      introduced by the fix for CVE-2023-4806.
    - CVE-2023-5156

 -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:31:12 -0300

Source diff to previous version
CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application

Version: 2.37-0ubuntu2.1 2023-10-03 20:12:00 UTC

  glibc (2.37-0ubuntu2.1) lunar-security; urgency=medium

  * SECURITY UPDATE: DoS and info disclosure via no-aaaa
    - debian/patches/any/CVE-2023-4527.patch: pass alt_dns_packet_buffer in
      resolv/nss_dns/dns-host.c, add test to resolv/Makefile,
    - CVE-2023-4527
  * SECURITY UPDATE: privilege escalation in ld.so
    - debian/patches/any/CVE-2023-4911.patch: terminate immediately if end
      of input is reached in elf/dl-tunables.c.
    - CVE-2023-4911

 -- Marc Deslauriers <email address hidden> Mon, 25 Sep 2023 08:20:52 -0400

CVE-2023-4527 A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode v
CVE-2023-4911 A buffer overflow was discovered in the GNU C Library's dynamic loader ...

About   -   Send Feedback to @ubuntu_updates