Package "eglibc"
WARNING: the "eglibc" package was deleted from this repository
Name: |
eglibc
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Embedded GNU C Library: Documentation
- Embedded GNU C Library: Binaries
- Embedded GNU C Library: Development binaries
- Embedded GNU C Library: Shared libraries
|
Latest version: |
*DELETED* |
Release: |
precise (12.04) |
Level: |
proposed |
Repository: |
main |
Links
Other versions of "eglibc" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
No changelog for deleted or moved packages.
|
eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
into account when computing if buffer is too small.
- CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
handling of payload strings
- CVE-2014-9761
* SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
strftime() processing
- CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
guard
- CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
alloca()
- CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
memory copy on the stack.
- CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856-pre.diff: add option to
enable/disable pt_chown.
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
about pty group and permission mode
- debian/debhelper.in/libc-bin.install: drop installation of
pt_chown
- CVE-2016-2856, CVE-2013-2207
* debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)
-- Steve Beattie <email address hidden> Fri, 08 Apr 2016 23:59:46 -0700
|
1546457 |
libc6 2.15-0ubuntu10.13 doesn't mark reboot-required |
CVE-2015-1781 |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-depen |
CVE-2014-8121 |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if |
CVE-2014-9761 |
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of se |
CVE-2015-8776 |
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (applicat |
CVE-2015-8777 |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding prot |
CVE-2015-8778 |
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application c |
CVE-2015-8779 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause |
CVE-2016-3075 |
Stack overflow in nss_dns_getnetbyname_r |
CVE-2016-2856 |
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows lo |
CVE-2013-2207 |
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the |
|
No changelog for deleted or moved packages.
|
eglibc (2.15-0ubuntu10.12) precise; urgency=medium
* cvs-vfprintf-multibyte.diff: Fix "memory exhausted" bug in who, by no
longer parsing %s format arguments as multibyte strings (LP: #1109327)
* cvs-__SSE_MATH__-feraiseexcept.diff: Check for __SSE_MATH__ in x86_64
feraiseexcept to fix backported -m32 builds of GCC 4.8 (LP: #1165387)
* cvs-canonical-name.diff: Don't incorrectly do a PTR lookup when asked
to do a canonical lookup for a host using AI_CANONNAME (LP: #1057526)
* cvs-atomic-fastbins.diff: Fix race in free() of fastbin (LP: #1020210)
-- Adam Conrad <email address hidden> Wed, 25 Mar 2015 13:28:41 -0600
|
1109327 |
who command gets \ |
1165387 |
Check __SSE_MATH__ in feraiseexcept |
1057526 |
getaddrinfo returns PTR name in ai_canonname when using DNS |
1020210 |
Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption |
|
No changelog for deleted or moved packages.
|
About
-
Send Feedback to @ubuntu_updates