UbuntuUpdates.org

Package "eglibc"




Name: eglibc

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Embedded GNU C Library: Documentation
  • Embedded GNU C Library: Binaries
  • Embedded GNU C Library: Development binaries
  • Embedded GNU C Library: Shared libraries

Latest version: *DELETED*
Release: precise (12.04)
Level: proposed
Repository: main


Other versions of "eglibc" in Precise

Repository  Area      Version
base        universe  2.15-0ubuntu10
base        main      2.15-0ubuntu10
security    main      2.15-0ubuntu10.23
security    universe  2.15-0ubuntu10.23
updates     universe  2.15-0ubuntu10.23
updates     main      2.15-0ubuntu10.23


Changelog

Version: *DELETED* 2016-05-25 19:06:56 UTC
No changelog for deleted or moved packages.

Version: 2.15-0ubuntu10.14 2016-04-26 03:06:23 UTC

  eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of service
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

 -- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:59:46 -0700

1546457 libc6 2.15-0ubuntu10.13 doesn't mark reboot-required
CVE-2015-1781 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-depen
CVE-2014-8121 DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if
CVE-2014-9761 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of se
CVE-2015-8776 The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (applicat
CVE-2015-8777 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding prot
CVE-2015-8778 Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application c
CVE-2015-8779 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause
CVE-2016-3075 Stack overflow in nss_dns_getnetbyname_r
CVE-2016-2856 pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows lo
CVE-2013-2207 pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the

Version: *DELETED* 2015-04-08 10:06:38 UTC
No changelog for deleted or moved packages.

Version: 2.15-0ubuntu10.12 2015-03-26 21:06:44 UTC

  eglibc (2.15-0ubuntu10.12) precise; urgency=medium

  * cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
    longer parsing %s format arguments as multibyte strings (LP: #1109327)
  * cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
    feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
  * cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
    to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
  * cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)
 -- Adam Conrad <email address hidden> Wed, 25 Mar 2015 13:28:41 -0600

1109327 who command gets \
1165387 Check __SSE_MATH__ in feraiseexcept
1057526 getaddrinfo returns PTR name in ai_canonname when using DNS
1020210 Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption

Version: *DELETED* 2013-04-23 23:06:47 UTC
No changelog for deleted or moved packages.


