[ubuntu/focal-security] klibc 2.0.7-1ubuntu5.1 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon Apr 18 07:40:50 UTC 2022

klibc (2.0.7-1ubuntu5.1) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check
      when performing the multiplication in usr/klibc/calloc.c. 
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio 
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned
      to avoid a possible overflow in 64 bit systems in 
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize
      and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller
      than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873

Date: 2022-04-13 13:59:14.729974+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
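
Added example, not part of this announcement and not the klibc patches themselves: a C sketch of the two allocator checks the changelog describes for CVE-2021-31870 (overflow check on the calloc multiplication) and CVE-2021-31873 (malloc size limited to PTRDIFF_MAX). The function names checked_malloc, checked_calloc and unchecked_total are hypothetical, and the wrappers sit on top of the host libc's malloc.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrappers for illustration; not klibc's code. */

/* Reject sizes above PTRDIFF_MAX: pointer differences inside such an
 * object would not fit in ptrdiff_t, and size arithmetic done later by
 * the allocator could wrap. */
void *checked_malloc(size_t size)
{
    if (size > PTRDIFF_MAX) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(size);
}

/* Refuse the request when nmemb * size would wrap around size_t,
 * instead of allocating a short buffer for a large element count. */
void *checked_calloc(size_t nmemb, size_t size)
{
    size_t total;
    void *p;

    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    total = nmemb * size;
    p = checked_malloc(total);
    if (p)
        memset(p, 0, total);
    return p;
}

/* What an unchecked calloc computes: the product silently wraps. */
size_t unchecked_total(size_t nmemb, size_t size) { return nmemb * size; }

int main(void)
{
    size_t n = SIZE_MAX / 2 + 1; /* constructed input: n * 2 wraps to 0 */
    printf("unchecked total: %zu\n", unchecked_total(n, 2));
    printf("checked_calloc: %s\n", checked_calloc(n, 2) ? "allocated" : "refused");
    return 0;
}
```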