UbuntuUpdates.org

Package "multiarch-support"

Name: multiarch-support

Description:

Transitional package to ensure multiarch compatibility

Latest version: 2.23-0ubuntu11.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: glibc
Homepage: http://www.gnu.org/software/libc/libc.html

Links


Download "multiarch-support"


Other versions of "multiarch-support" in Xenial

Repository Area Version
base main 2.23-0ubuntu3
security main 2.23-0ubuntu11.3

Changelog

Version: 2.23-0ubuntu7 2017-03-22 01:07:11 UTC

  glibc (2.23-0ubuntu7) xenial-security; urgency=medium

  * REGRESSION UPDATE: Previous update introduced ABI breakage in
    internal glibc query ABI
    - Revert patches/any/CVE-2015-5180-regression.diff
      (LP: #1674532)

 -- Steve Beattie <email address hidden> Tue, 21 Mar 2017 08:54:23 -0700

Source diff to previous version
CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type

Version: 2.23-0ubuntu6 2017-03-21 03:06:56 UTC

  glibc (2.23-0ubuntu6) xenial-security; urgency=medium

  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: use out of band signaling for
      internal queries
    - CVE-2015-5180
  * Rebuild to get the following fixes into the xenial-security pocket:
    - SECURITY UPDATE: stack-based buffer overflow in the glob
      implementation
      + patches/git-updates.diff: Simplify the interface for the
        GLOB_ALTDIRFUNC callback gl_readdir
      + CVE-2016-1234
    - SECURITY UPDATE: getaddrinfo: stack overflow in hostent
      conversion
      + patches/git-updates.diff: Use a heap allocation instead
      + CVE-2016-3706:
    - SECURITY UPDATE: stack exhaustion in clntudp_call
      + patches/git-updates.diff: Use malloc/free for the error
        payload.
      + CVE-2016-4429
    - SECURITY UPDATE: memory exhaustion DoS in libresolv
      + patches/git-updates.diff: Simplify handling of nameserver
        configuration in resolver
      + CVE-2016-5417
    - SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
      + patches/git-updates.diff: mark __startcontext as .cantunwind
      + CVE-2016-6323

 -- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:47:32 -0800

Source diff to previous version
CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type
CVE-2016-1234 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende
CVE-2016-3706 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack
CVE-2016-4429 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus
CVE-2016-5417 Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows
CVE-2016-6323 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI

Version: 2.23-0ubuntu5 2016-12-08 09:07:18 UTC

  glibc (2.23-0ubuntu5) xenial; urgency=medium

  * Disable lock-elision on all targets to avoid regressions (LP: #1642390)

 -- Adam Conrad <email address hidden> Wed, 16 Nov 2016 13:53:50 -0700

Source diff to previous version
1642390 Disable lock-elision in glibc pending upstream changes

Version: 2.23-0ubuntu4 2016-10-25 13:07:08 UTC

  glibc (2.23-0ubuntu4) xenial; urgency=medium

  * debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
  * debian/patches/git-updates.diff: Update from release/2.23/master branch:
    - Include fix for potential makecontext() hang on ARMv7 (CVE-2016-6323)
    - Include fix for SEGV in sock_eq with nss_hesiod module (LP: #1571456)
    - Include malloc fixes, addressing multithread deadlocks (LP: #1630302)
    - debian/patches/hurd-i386/cvs-libpthread.so.diff: Dropped, upstreamed.
    - debian/patches/any/submitted-argp-attribute.diff: Dropped, upstreamed.
    - debian/patches/hurd-i386/tg-hurdsig-fixes-2.diff: Rebased to upstream.
  * debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
    from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
  * debian/patches/any/cvs-cos-precision.diff: Fix cos() bugs (LP: #1614966)
  * debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.

 -- Adam Conrad <email address hidden> Fri, 14 Oct 2016 00:00:34 -0600

1571456 id crashed with SIGSEGV in sock_eq()
1630302 Multi-threaded luaJIT application hangs; apparent deadlock in GLIBC
1577460 mkinitramfs --help \u003e Core dumped
1614966 libc has broken cos implementation
CVE-2016-6323 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI



About   -   Send Feedback to @ubuntu_updates