USN-6762-1

Source

https://ubuntu.com/security/notices/USN-6762-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6762-1.json

Related

CVE-2014-9984
CVE-2015-20109
CVE-2018-11236
CVE-2021-3999
CVE-2024-2961

Published

2024-05-02T12:45:48.580720Z

Modified

2024-05-02T12:45:48.580720Z

Summary

eglibc, glibc vulnerabilities

Details

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)

It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-20109)

It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-11236)

It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999)

Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-2961)

References

Affected packages

Ubuntu:Pro:18.04:LTS / glibc

Package

Name: glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.27-3ubuntu1.6+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "multiarch-support": "2.27-3ubuntu1.6+esm2",
            "libc6": "2.27-3ubuntu1.6+esm2",
            "libc6-dev": "2.27-3ubuntu1.6+esm2",
            "libc-bin": "2.27-3ubuntu1.6+esm2",
            "libc6-i386": "2.27-3ubuntu1.6+esm2",
            "libc6-dev-x32": "2.27-3ubuntu1.6+esm2",
            "libc6-dev-s390": "2.27-3ubuntu1.6+esm2",
            "libc-dev-bin": "2.27-3ubuntu1.6+esm2",
            "libc6-amd64": "2.27-3ubuntu1.6+esm2",
            "locales-all": "2.27-3ubuntu1.6+esm2",
            "libc6-x32": "2.27-3ubuntu1.6+esm2",
            "libc6-dev-i386": "2.27-3ubuntu1.6+esm2",
            "glibc-source": "2.27-3ubuntu1.6+esm2",
            "libc6-s390": "2.27-3ubuntu1.6+esm2",
            "libc6-pic": "2.27-3ubuntu1.6+esm2",
            "libc6-dev-armel": "2.27-3ubuntu1.6+esm2",
            "libc6-dev-amd64": "2.27-3ubuntu1.6+esm2",
            "nscd": "2.27-3ubuntu1.6+esm2",
            "glibc-doc": "2.27-3ubuntu1.6+esm2",
            "libc6-lse": "2.27-3ubuntu1.6+esm2",
            "locales": "2.27-3ubuntu1.6+esm2",
            "libc6-armel": "2.27-3ubuntu1.6+esm2"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / eglibc

Package

Name: eglibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.19-0ubuntu6.15+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "multiarch-support": "2.19-0ubuntu6.15+esm3",
            "libc6": "2.19-0ubuntu6.15+esm3",
            "libc6-dev": "2.19-0ubuntu6.15+esm3",
            "libc-bin": "2.19-0ubuntu6.15+esm3",
            "libc6-i386": "2.19-0ubuntu6.15+esm3",
            "libc6-dev-x32": "2.19-0ubuntu6.15+esm3",
            "eglibc-source": "2.19-0ubuntu6.15+esm3",
            "libc-dev-bin": "2.19-0ubuntu6.15+esm3",
            "libc6-amd64": "2.19-0ubuntu6.15+esm3",
            "libc6-dev-i386": "2.19-0ubuntu6.15+esm3",
            "libc6-x32": "2.19-0ubuntu6.15+esm3",
            "libc6-prof": "2.19-0ubuntu6.15+esm3",
            "libc6-dev-amd64": "2.19-0ubuntu6.15+esm3",
            "libc6-pic": "2.19-0ubuntu6.15+esm3",
            "libc6-dev-armel": "2.19-0ubuntu6.15+esm3",
            "nscd": "2.19-0ubuntu6.15+esm3",
            "glibc-doc": "2.19-0ubuntu6.15+esm3",
            "libc6-armel": "2.19-0ubuntu6.15+esm3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / glibc

Package

Name: glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.23-0ubuntu11.3+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "multiarch-support": "2.23-0ubuntu11.3+esm6",
            "libc6": "2.23-0ubuntu11.3+esm6",
            "libc6-dev": "2.23-0ubuntu11.3+esm6",
            "libc-bin": "2.23-0ubuntu11.3+esm6",
            "libc6-i386": "2.23-0ubuntu11.3+esm6",
            "libc6-dev-x32": "2.23-0ubuntu11.3+esm6",
            "libc6-dev-s390": "2.23-0ubuntu11.3+esm6",
            "libc-dev-bin": "2.23-0ubuntu11.3+esm6",
            "libc6-amd64": "2.23-0ubuntu11.3+esm6",
            "locales-all": "2.23-0ubuntu11.3+esm6",
            "libc6-x32": "2.23-0ubuntu11.3+esm6",
            "libc6-dev-i386": "2.23-0ubuntu11.3+esm6",
            "glibc-source": "2.23-0ubuntu11.3+esm6",
            "libc6-s390": "2.23-0ubuntu11.3+esm6",
            "libc6-pic": "2.23-0ubuntu11.3+esm6",
            "libc6-dev-armel": "2.23-0ubuntu11.3+esm6",
            "libc6-dev-amd64": "2.23-0ubuntu11.3+esm6",
            "nscd": "2.23-0ubuntu11.3+esm6",
            "glibc-doc": "2.23-0ubuntu11.3+esm6",
            "locales": "2.23-0ubuntu11.3+esm6",
            "libc6-armel": "2.23-0ubuntu11.3+esm6"
        }
    ]
}