Headline
Ubuntu Security Notice USN-6762-1
Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
==========================================================================Ubuntu Security Notice USN-6762-1May 02, 2024eglibc, glibc vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in GNU C Library.Software Description:- glibc: GNU C Library- eglibc: GNU C LibraryDetails:It was discovered that GNU C Library incorrectly handled netgroup requests.An attacker could possibly use this issue to cause a crash or execute arbitrary code.This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)It was discovered that GNU C Library might allow context-dependentattackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-20109)It was discovered that GNU C Library when processing very long pathname arguments tothe realpath function, could encounter an integer overflow on 32-bitarchitectures, leading to a stack-based buffer overflow and, potentially,arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.(CVE-2018-11236)It was discovered that the GNU C library getcwd function incorrectlyhandled buffers. An attacker could use this issue to cause the GNU CLibrary to crash, resulting in a denial of service, or possibly executearbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999)Charles Fol discovered that the GNU C Library iconv feature incorrectlyhandled certain input sequences. An attacker could use this issue to causethe GNU C Library to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2024-2961)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS libc6 2.27-3ubuntu1.6+esm2 Available with Ubuntu ProUbuntu 16.04 LTS libc6 2.23-0ubuntu11.3+esm6 Available with Ubuntu ProUbuntu 14.04 LTS libc6 2.19-0ubuntu6.15+esm3 Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.References: https://ubuntu.com/security/notices/USN-6762-1 CVE-2014-9984, CVE-2015-20109, CVE-2018-11236, CVE-2021-3999, CVE-2024-2961, https://launchpad.net/bugs/2063328Related news
Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Ubuntu Security Notice 6737-2 - USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5673-1 - Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code.
Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Gentoo Linux Security Advisory 202208-24 - Multiple vulnerabilities have been discovered in the GNU C Library, the worst of which could result in denial of service. Versions less than 2.34 are affected.
Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).