[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

Launchpad Bug Tracker 1546457 at bugs.launchpad.net
Wed May 25 08:45:29 UTC 2016

This bug was fixed in the package glibc - 2.21-0ubuntu4.2

glibc (2.21-0ubuntu4.2) wily-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
    - debian/patches/any/CVE-2015-1781.diff: take alignment padding
      into account when computing if buffer is too small.
    - CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
    - debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
      database during iteration.
    - debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
      between getXXent and getXXbyYY NSS calls.
    - CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
    - debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
      of NaN payloads.
    - debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
      handling of payload strings
    - CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
    (denial of service)
    - debian/patches/any/CVE-2015-8776.diff: add range checks to
      strftime() processing
    - CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
    AT_SECURE programs (e.g. setuid), allowing disabling of pointer
    - debian/patches/any/CVE-2015-8777.diff: Always enable pointer
    - CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
    - debian/patches/any/CVE-2015-8778.diff: check for large inputs
    - CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
    - debian/patches/any/CVE-2015-8779.diff: stop using unbounded
    - CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
    - debian/patches/any/CVE-2016-3075.diff: do not make unneeded
      memory copy on the stack.
    - CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
    - debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
      about pty group and permission mode
    - debian/sysdeps/linux.mk: don't build pt_chown
    - debian/rules.d/debhelper.mk: only install pt_chown when built.
    - CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
    security updates (LP: #1546457)

 -- Steve Beattie <sbeattie at ubuntu.com>  Fri, 08 Apr 2016 09:44:34 -0700

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.

  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

Status in glibc package in Ubuntu:
  Fix Released
Status in eglibc source package in Precise:
  Fix Released
Status in eglibc source package in Trusty:
  Fix Released
Status in glibc source package in Wily:
  Fix Released

Bug description:
  2.15-0ubunt10.13 on ubuntu 12.04 was installed last night as a result
  of http://www.ubuntu.com/usn/usn-2900-1/ and unattended-upgrades

  However we are not getting a reboot-required file in /var/run/reboot-

  We are doing reboots by hand, but we believe this should be fixed.
  I'll have a look at the packaging to see why this didn't happen.

  Thanks for any help,

    Will Pearson

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list