[ubuntu/bionic-security] klibc 2.0.4-9ubuntu2.1 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon Apr 18 07:40:50 UTC 2022


klibc (2.0.4-9ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check
      when performing the multiplication in usr/klibc/calloc.c. 
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio 
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned
      to avoid a possible overflow in 64 bit systems in 
      usr/utils/cpio.c.
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize
      and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller
      than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873

Date: 2022-04-13 13:59:12.242204+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/klibc/2.0.4-9ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list