[ubuntu/lucid-security] eglibc 2.11.1-0ubuntu7.13 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Oct 21 16:08:40 UTC 2013


eglibc (2.11.1-0ubuntu7.13) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    strcoll overflows
    - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
      string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
      string/Makefile.
    - CVE-2012-4412
    - CVE-2012-4424
  * SECURITY UPDATE: denial of service in regular expression matcher
    - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
      posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
    - CVE-2013-0242
  * SECURITY UPDATE: denial of service in getaddrinfo
    - debian/patches/any/CVE-2013-1914.diff: fix overflow in
      sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for
      __libc_alloca_cutoff in include/alloca.h, nptl/Versions,
      nptl/alloca_cutoff.c.
    - CVE-2013-1914
  * SECURITY UPDATE: denial of service and possible code execution via
    readdir_r
    - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
      sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
      sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
      GETDENTS_64BIT_ALIGNED from
      sysdeps/unix/sysv/linux/i386/readdir64_r.c,
      sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
    - CVE-2013-4237
  * SECURITY UPDATE: denial of service and possible code execution via
    overflows in memory allocator
    - debian/patches/any/CVE-2013-4332.diff: check for overflows in
      malloc/malloc.c.
    - CVE-2013-4332

eglibc (2.11.1-0ubuntu7.12) lucid; urgency=low

  * Pull three interdependent patches from Debian to fix AVX detection
    problems on kernels or CPUs that lack support for it (LP: #979003):
    - amd64/cvs-avx-detection.diff: Improved detection on old kernels.
    - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
    - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXSAVE support.
  * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to
    skip tests if AVX extensions are not available on the build host.
  * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option.

Date: 2013-10-02 01:07:13.499499+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/eglibc/2.11.1-0ubuntu7.13