[ubuntu/precise-updates] eglibc 2.15-0ubuntu10.16 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 21 01:58:43 UTC 2017
eglibc (2.15-0ubuntu10.16) precise-security; urgency=medium
* SECURITY UPDATE: multiple overflows in strxfrm()
- patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
- CVE-2015-8982
* SECURITY UPDATE: _IO_wstr_overflow integer overflow
- patches/any/CVE-2015-8983.diff: Add checks for integer overflow
- CVE-2015-8983
* SECURITY UPDATE: buffer overflow (read past end of buffer) in
internal_fnmatch
- patches/any/CVE-2015-8984.diff: Remove extra increment when
skipping over collating symbol inside a bracket expression.
- CVE-2015-8984
* SECURITY UPDATE: DNS resolver NULL pointer dereference with
crafted record type
- patches/any/CVE-2015-5180.diff: Use out of band signaling for
internal queries
- CVE-2015-5180
* SECURITY UPDATE: stack-based buffer overflow in the glob
implementation
- patches/any/CVE-2016-1234.diff: Simplify the interface for the
GLOB_ALTDIRFUNC callback gl_readdir
- CVE-2016-1234
* SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
- patches/any/CVE-2016-3706.diff: Use a heap allocation instead
- CVE-2016-3706:
* SECURITY UPDATE: stack exhaustion in clntudp_call
- patches/any/CVE-2016-4429.diff: Use malloc/free for the error
payload.
- CVE-2016-4429
* SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
- patches/any/CVE-2016-6323.diff: mark __startcontext as
.cantunwind
- CVE-2016-6323
Date: 2017-03-07 00:25:36.233694+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.16
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list