lp:ubuntu/precise-security/eglibc

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

319. By Steve Beattie on 2016-05-26

* REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
  dependency from libm to libc (LP: #1585614)
  - debian/patches/any/CVE-2014-9761-2.diff: keep exporting
    __strto*_nan symbols added to libc.

318. By Steve Beattie on 2016-04-08

* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
  functions
  - debian/patches/any/CVE-2015-1781.diff: take alignment padding
    into account when computing if buffer is too small.
  - CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
  - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
    database during iteration.
  - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
    between getXXent and getXXbyYY NSS calls.
  - CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
  conversion
  - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
    of NaN payloads.
  - debian/patches/any/CVE-2014-9761-1.diff: Fix nan functions
    handling of payload strings
  - CVE-2014-9761
* SECURITY UPDATE: out of range data to strftime() causes segfault
  (denial of service)
  - debian/patches/any/CVE-2015-8776.diff: add range checks to
    strftime() processing
  - CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
  AT_SECURE programs (e.g. setuid), allowing disabling of pointer
  mangling
  - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
    guard
  - CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
  - debian/patches/any/CVE-2015-8778.diff: check for large inputs
  - CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
  - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
    alloca()
  - CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
  - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
    memory copy on the stack.
  - CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
  - debian/patches/any/CVE-2016-2856-pre.diff: add option to
    enable/disable pt_chown.
  - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
    about pty group and permission mode
  - debian/debhelper.in/libc-bin.install: drop installation of
    pt_chown
  - CVE-2016-2856, CVE-2013-2207
* debian/debhelper.in/libc.postinst: add reboot notifications for
  security updates (LP: #1546457)

317. By Marc Deslauriers on 2016-02-16

* SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
  - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
    resolv/nss_dns/dns-host.c.
  - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
    include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
    resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
    resolv/res_query.c, resolv/res_send.c.
  - debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
    resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
  - CVE-2015-7547

316. By Marc Deslauriers on 2015-02-25

* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
  - debian/patches/any/cvs-wscanf.diff: calculate correct size in
    stdio-common/vfscanf.c, added test to stdio-common/tst-sscanf.c.
  - CVE-2015-1472
  - CVE-2015-1473

315. By Steve Beattie on 2015-01-20

* SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
  - debian/patches/any/CVE-2015-0235.diff: fix overflow in
    nss/digits_dots.c
  - CVE-2015-0235

314. By Marc Deslauriers on 2014-12-02

* SECURITY UPDATE: denial of service in IBM gconv modules
  - debian/patches/any/CVE-2012-6656.diff: fix check in
    iconvdata/ibm930.c.
  - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
    iconvdata/ibm*.c.
  - CVE-2012-6656
  - CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
  - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
    posix/wordexp.c, added tests to posix/wordexp-test.c.
  - CVE-2014-7817

313. By Adam Conrad on 2014-08-27

* SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
  - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
    completely remove support for loadable gconv transliteration modules.
* SECURITY REGRESSION: localplt regression introduced in 2.15-0ubuntu10.6
  - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport
    of upstream commit ca38dc17 to include memmem hidden alias declaration.

312. By Marc Deslauriers on 2014-07-28

* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
  - debian/patches/any/CVE-2013-4458.patch: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-4458
* SECURITY UPDATE: Directory traversal in locale environment handling
  - debian/patches/any/CVE-2014-0475.diff: validate locale names in
    locale/findlocale.c, locale/setlocale.c, added test to
    localedata/tst-setlocale3.c, localedata/Makefile.
  - CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
  failing to copy the path argument
  - debian/patches/any/CVE-2014-4043.diff: properly copy path in
    posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
    posix/spawn_int.h, added test to posix/tst-spawn.c.
  - CVE-2014-4043
* debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue
  causing a readdir regression on sparc.
* debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra
  commits to fix another overflow and an infinite loop.

311. By Marc Deslauriers on 2013-09-27

* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332

310. By Steve Beattie on 2012-09-29

* SECURITY UPDATE: stack buffer overflow in vfprintf handling
  (LP: #1031301)
  - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
    array grows too large to handle via alloca extension
  - CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
  - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
    and modify types to void integer overflows
  - CVE-2012-3480