glibc vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 19.10
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
Summary
Several security issues were fixed in GNU C Library.
Software Description
* glibc - GNU C Library
Details
Florian Weimer discovered that the GNU C Library incorrectly
handled certain memory operations. A remote attacker could use
this issue to cause the GNU C Library to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS. (CVE-2017-12133)
It was discovered that the GNU C Library incorrectly handled
certain SSE2-optimized memmove operations. A remote attacker could
use this issue to cause the GNU C Library to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS. (CVE-2017-18269)
It was discovered that the GNU C Library incorrectly handled
certain pathname operations. A remote attacker could use this
issue to cause the GNU C Library to crash, resulting in a denial
of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-11236)
It was discovered that the GNU C Library incorrectly handled
certain AVX-512-optimized mempcpy operations. A remote attacker
could use this issue to cause the GNU C Library to crash,
resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237)
It was discovered that the GNU C Library incorrectly handled
certain hostname lookups. A remote attacker could use this issue
to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-19591)
Jakub Wilk discovered that the GNU C Library incorrectly handled
certain memalign functions. A remote attacker could use this issue
to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2018-6485)
It was discovered that the GNU C Library incorrectly ignored the
LD_PREFER_MAP_32BIT_EXEC environment variable after security
transitions. A local attacker could use this issue to bypass ASLR
restrictions. (CVE-2019-19126)
It was discovered that the GNU C Library incorrectly handled
certain regular expressions. A remote attacker could possibly use
this issue to cause the GNU C Library to crash, resulting in a
denial of service. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-9169)
It was discovered that the GNU C Library incorrectly handled
certain bit patterns. A remote attacker could use this issue to
cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029)
It was discovered that the GNU C Library incorrectly handled
certain signal trampolines on PowerPC. A remote attacker could use
this issue to cause the GNU C Library to crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2020-1751)
It was discovered that the GNU C Library incorrectly handled tilde
expansion. A remote attacker could use this issue to cause the GNU
C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-1752)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 19.10
libc6 - 2.30-0ubuntu2.2
Ubuntu 18.04 LTS
libc6 - 2.27-3ubuntu1.2
Ubuntu 16.04 LTS
libc6 - 2.23-0ubuntu11.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to
make all the necessary changes.
References
* CVE-2017-12133
* CVE-2017-18269
* CVE-2018-11236
* CVE-2018-11237
* CVE-2018-19591
* CVE-2018-6485
* CVE-2019-19126
* CVE-2019-9169
* CVE-2020-10029
* CVE-2020-1751
* CVE-2020-1752
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)