[ubuntu/precise-security] eglibc 2.15-0ubuntu10.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Oct 21 16:08:39 UTC 2013


eglibc (2.15-0ubuntu10.5) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    strcoll overflows
    - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
      string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
      string/Makefile.
    - CVE-2012-4412
    - CVE-2012-4424
  * SECURITY UPDATE: denial of service in regular expression matcher
    - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
      posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
    - CVE-2013-0242
  * SECURITY UPDATE: denial of service in getaddrinfo
    - debian/patches/any/CVE-2013-1914.diff: fix overflow in
      sysdeps/posix/getaddrinfo.c.
    - CVE-2013-1914
  * SECURITY UPDATE: denial of service and possible code execution via
    readdir_r
    - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
      sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
      sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
      GETDENTS_64BIT_ALIGNED from
      sysdeps/unix/sysv/linux/i386/readdir64_r.c,
      sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
    - CVE-2013-4237
  * SECURITY UPDATE: denial of service and possible code execution via
    overflows in memory allocator
    - debian/patches/any/CVE-2013-4332.diff: check for overflows in
      malloc/malloc.c.
    - CVE-2013-4332

eglibc (2.15-0ubuntu10.4) precise; urgency=low

  * Add patch ubuntu/local-disable-nscd-netgroup-caching.diff to
    disable netgroup caching in the default config (LP: #1068889)
  * Backport any/cvs-malloc-deadlock.diff from upstream to prevent
    glibc deadlocking in malloc arena retry paths (LP: #1081734)
  * Fix futex issue (BZ #13844), backport from 2.16 (LP: #1091186)
  * Drop patch any/local-disable-nscd-host-caching.diff, as this
    bug was apparently resolved upstream a while ago (LP: #613662)
  * Add patch any/cvs-ld-self-load.diff to restore ld.so's ability
    to load itself, a behaviour accidentally removed (LP: #1088677)
  * Drop dangling libnss_db.so symlink in libc6-dev (LP: #1088773)

eglibc (2.15-0ubuntu10.3) precise; urgency=low

  * Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498)
  * Backport another FMA support patch from glibc master branch.

Date: 2013-09-30 12:54:15.072515+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/eglibc/2.15-0ubuntu10.5