[ubuntu/eoan-updates] glibc 2.30-0ubuntu2.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jul 6 18:28:38 UTC 2020
glibc (2.30-0ubuntu2.2) eoan-security; urgency=medium
* SECURITY UPDATE: ASLR bypass
- debian/patches/any/CVE-2019-19126.patch: check __libc_enable_secure
before honoring LD_PREFER_MAP_32BIT_EXEC in
sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h.
- CVE-2019-19126
* SECURITY UPDATE: out-of-bounds write on PowerPC
- debian/patches/any/CVE-2020-1751.patch: fix array overflow in
backtrace on PowerPC in debug/tst-backtrace5.c,
sysdeps/powerpc/powerpc32/backtrace.c,
sysdeps/powerpc/powerpc64/backtrace.c.
- CVE-2020-1751
* SECURITY UPDATE: use-after-free via tilde expansion
- debian/patches/any/CVE-2020-1752.patch: fix use-after-free in glob
when expanding ~user in posix/glob.c.
- CVE-2020-1752
* SECURITY UPDATE: stack overflow via 80-bit long double function
- debian/patches/any/CVE-2020-10029-1.patch: avoid ldbl-96 stack
corruption from range reduction of pseudo-zero in
sysdeps/ieee754/ldbl-96/Makefile,
sysdeps/ieee754/ldbl-96/e_rem_pio2l.c,
sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c.
- debian/patches/any/CVE-2020-10029-2.patch: use stack protector only
if available in sysdeps/ieee754/ldbl-96/Makefile.
- CVE-2020-10029
Date: 2020-06-05 14:36:23.919994+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/glibc/2.30-0ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list