Security vulnerabilities in the eglibc software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2306-1
August 04, 2014

eglibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the GNU C Library.

Software Description:
– eglibc: GNU C Library

Details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)

It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)

Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.1

Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.6

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2306-1
CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.1
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.6
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.14

==========================================================================
Ubuntu Security Notice USN-2306-2
August 05, 2014

eglibc regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 10.04 LTS

Summary:

USN-2306-1 introduced a regression in the GNU C Library.

Software Description:
– eglibc: GNU C Library

Details:

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS,
the security update caused a regression in certain environments that use
the Name Service Caching Daemon (nscd), such as those configured for LDAP
or MySQL authentication. In these environments, the nscd daemon may need
to be stopped manually for name resolution to resume working so that
updates can be downloaded, including environments configured for unattended
updates.

We apologize for the inconvenience.

Original advisory details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)

It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)

Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.15

After a standard system update you need to reboot your computer to make
all the necessary changes.
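
Added example, not part of the Ubuntu notices: a fleet check that classifies hosts against the libc6 versions listed in USN-2306-1 and USN-2306-2. It reports Ubuntu 10.04 hosts that have the first update but not the follow-up as "regression". The host names and inventory lines are constructed, and the version comparison is a small reimplementation of dpkg's ordering rules written for this example.

```python
import re

# Fixed libc6 versions as listed in USN-2306-1 and USN-2306-2.
FIXED = {"14.04": "2.19-0ubuntu6.1", "12.04": "2.15-0ubuntu10.6",
         "10.04": "2.11.1-0ubuntu7.14"}
REGRESSION_FIXED = {"10.04": "2.11.1-0ubuntu7.15"}  # USN-2306-2

def _order(c):  # dpkg order: '~' < end of string (0) < letters < symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (dpkg character order) and digit runs (numeric).
    while a or b:
        (ta, da), (tb, db) = (re.match(r"(\D*)(\d*)", s).groups() for s in (a, b))
        a, b = a[len(ta) + len(da):], b[len(tb) + len(db):]
        n = max(len(ta), len(tb))
        ka = ([_order(c) for c in ta] + [0] * (n - len(ta)), int(da or 0))
        kb = ([_order(c) for c in tb] + [0] * (n - len(tb)), int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(a, b):
    """Compare two Debian version strings; returns -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return (epoch, upstream, rev) if sep else (epoch, rest, "")
    return next((r for r in map(_cmp_part, split(a), split(b)) if r), 0)

def classify(release, installed):
    if release not in FIXED:
        return "not-covered"
    if deb_cmp(installed, FIXED[release]) < 0:
        return "vulnerable"
    later = REGRESSION_FIXED.get(release)
    if later and deb_cmp(installed, later) < 0:
        return "regression"  # has USN-2306-1 but not the USN-2306-2 follow-up
    return "fixed"

# Constructed inventory lines: host, Ubuntu release, installed libc6 version.
INVENTORY = ["web01 14.04 2.19-0ubuntu6", "db01 12.04 2.15-0ubuntu10.6",
             "ldap01 10.04 2.11.1-0ubuntu7.14", "old01 10.04 2.11.1-0ubuntu7.15"]

def audit(lines):
    return {h: classify(r, v) for h, r, v in map(str.split, lines)}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Hosts reported as "regression" that rely on nscd for LDAP or MySQL authentication are the ones where the notice says nscd may need to be stopped manually before the follow-up update can be downloaded.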

References:
http://www.ubuntu.com/usn/usn-2306-2
http://www.ubuntu.com/usn/usn-2306-1
https://launchpad.net/bugs/1352504

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.15

Author: Marijo Plepelic
Cert ID: NCERT-REF-2014-08-0010-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/