[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

Launchpad Bug Tracker 1546457 at bugs.launchpad.net
Wed May 25 08:44:52 UTC 2016


This bug was fixed in the package eglibc - 2.15-0ubuntu10.14

---------------
eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    functions
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    conversion
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    mangling
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
      guard
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
      alloca()
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856-pre.diff: add option to
      enable/disable pt_chown.
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/debhelper.in/libc-bin.install: drop installation of
      pt_chown
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

 -- Steve Beattie <sbeattie at ubuntu.com>  Fri, 08 Apr 2016 23:59:46 -0700

** Changed in: eglibc (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2207

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8121

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9761

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1781

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8776

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8777

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8778

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8779

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2856

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

Status in glibc package in Ubuntu:
  Fix Released
Status in eglibc source package in Precise:
  Fix Released
Status in eglibc source package in Trusty:
  Fix Released
Status in glibc source package in Wily:
  Fix Released

Bug description:
  2.15-0ubunt10.13 on ubuntu 12.04 was installed last night as a result
  of http://www.ubuntu.com/usn/usn-2900-1/ and unattended-upgrades

  However we are not getting a reboot-required file in /var/run/reboot-
  required.

  We are doing reboots by hand, but we believe this should be fixed.
  I'll have a look at the packaging to see why this didn't happen.

  Thanks for any help,

    Will Pearson

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions



More information about the foundations-bugs mailing list