Package "libc6-dev-amd64"
Name: libc6-dev-amd64
Description: GNU C Library: 64bit Development Libraries for AMD64
Latest version: 2.23-0ubuntu10
Release: xenial (16.04)
Level: security
Repository: main
Head package: glibc
Homepage: http://www.gnu.org/software/libc/libc.html
Links
Save this URL for the latest version of "libc6-dev-amd64":
https://www.ubuntuupdates.org/libc6-dev-amd64
Changelog
glibc (2.23-0ubuntu10) xenial-security; urgency=medium

  * SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
    - debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff:
      Compute correct array size in _dl_init_paths
    - CVE-2017-1000408
  * SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
    - debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff:
      Count components of the expanded path in _dl_init_path
    - CVE-2017-1000409
  * SECURITY UPDATE: One-byte overflow in glob
    - debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte
      overflow in glob
    - CVE-2017-15670
  * SECURITY UPDATE: Buffer overflow in glob
    - debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow
      during GLOB_TILDE unescaping
    - CVE-2017-15804
  * SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
    - debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for
      empty tokens before dynamic string token expansion
    - CVE-2017-16997
  * SECURITY UPDATE: Buffer underflow in realpath()
    - debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
      Make getcwd(3) fail if it cannot obtain an absolute path
    - CVE-2018-1000001

 -- Chris Coulson <email address hidden>  Sun, 14 Jan 2018 20:06:26 +0000

glibc (2.23-0ubuntu9) xenial-security; urgency=medium

  * SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
    - debian/patches/any/CVE-2017-1000366.patch: Completely ignore
      LD_LIBRARY_PATH for AT_SECURE=1 programs
    - CVE-2017-1000366
  * SECURITY UPDATE: LD_PRELOAD stack corruption
    - debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
      Reject overly long names or names containing directories in
      LD_PRELOAD for AT_SECURE=1 programs.
  * debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
    additional consistency check for 1-byte overflows
  * debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
    LD_HWCAP_MASK for AT_SECURE=1 programs

 -- Steve Beattie <email address hidden>  Fri, 16 Jun 2017 12:04:15 -0700

glibc (2.23-0ubuntu7) xenial-security; urgency=medium

  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Revert patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

 -- Steve Beattie <email address hidden>  Tue, 21 Mar 2017 08:54:23 -0700

CVE-2015-5180: DNS resolver NULL pointer dereference with crafted record type

glibc (2.23-0ubuntu6) xenial-security; urgency=medium

  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: use out of band signaling for
      internal queries
    - CVE-2015-5180
  * Rebuild to get the following fixes into the xenial-security pocket:
    - SECURITY UPDATE: stack-based buffer overflow in the glob
      implementation
      + patches/git-updates.diff: Simplify the interface for the
        GLOB_ALTDIRFUNC callback gl_readdir
      + CVE-2016-1234
    - SECURITY UPDATE: getaddrinfo: stack overflow in hostent
      conversion
      + patches/git-updates.diff: Use a heap allocation instead
      + CVE-2016-3706
    - SECURITY UPDATE: stack exhaustion in clntudp_call
      + patches/git-updates.diff: Use malloc/free for the error
        payload.
      + CVE-2016-4429
    - SECURITY UPDATE: memory exhaustion DoS in libresolv
      + patches/git-updates.diff: Simplify handling of nameserver
        configuration in resolver
      + CVE-2016-5417
    - SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
      + patches/git-updates.diff: mark __startcontext as .cantunwind
      + CVE-2016-6323

 -- Steve Beattie <email address hidden>  Mon, 06 Mar 2017 16:47:32 -0800

CVE-2015-5180: DNS resolver NULL pointer dereference with crafted record type
CVE-2016-1234: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende
CVE-2016-3706: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack
CVE-2016-4429: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus
CVE-2016-5417: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows
CVE-2016-6323: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI