Publishing details
Changelog
glibc (2.27-3ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: infinite loop in iconv
    - debian/patches/any/CVE-2016-10228-pre1.patch: add xsetlocale function
      in support/Makefile, support/support.h, support/xsetlocale.c.
    - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
      parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
      iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
      iconv/tst-iconv_prog.sh, intl/dcigettext.c.
    - debian/patches/any/CVE-2016-10228-2.patch: handle translation output
      codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
      iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
    - CVE-2016-10228
  * SECURITY UPDATE: buffer over-read in iconv
    - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
      conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
      iconvdata/ksc5601.h.
    - CVE-2019-25013
  * SECURITY UPDATE: another infinite loop in iconv
    - debian/patches/any/CVE-2020-27618.patch: fix issue in
      iconvdata/ibm1364.c.
    - CVE-2020-27618
  * SECURITY UPDATE: DoS via assert in iconv
    - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
      loop bounds in iconv/Makefile, iconv/gconv_simple.c,
      iconv/tst-iconv8.c.
    - CVE-2020-29562
  * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
    - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
      negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
    - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
      negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
    - CVE-2020-6096
  * SECURITY UPDATE: assertion fail in iconv
    - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
      ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
      iconvdata/iso-2022-jp-3.c.
    - CVE-2021-3326
  * SECURITY UPDATE: overflow in wordexp via crafted pattern
    - debian/patches/any/CVE-2021-35942.patch: handle overflow in
      positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
    - CVE-2021-35942
  * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
    - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
      size == 1 in sysdeps/posix/getcwd.c.
    - CVE-2021-3999
  * SECURITY UPDATE: DoS via long svcunix_create path argument
    - debian/patches/any/CVE-2022-23218-pre1.patch: add the
      __sockaddr_un_set function in include/sys/un.h, socket/Makefile,
      socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
    - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
      sunrpc/svc_unix.c.
    - CVE-2022-23218
  * SECURITY UPDATE: DoS via long clnt_create hostname argument
    - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
      sunrpc/clnt_gen.c.
    - CVE-2022-23219
  * debian/patches/any/fix_test-errno-linux.patch: Handle EINVAL from
    quotactl in newer kernels in
    sysdeps/unix/sysv/linux/test-errno-linux.c.

 -- Marc Deslauriers <email address hidden>  Mon, 24 Jan 2022 07:53:44 -0500
Builds
Built packages
- glibc-doc: GNU C Library: Documentation
- glibc-source: GNU C Library: sources
- libc-bin: GNU C Library: Binaries
- libc-bin-dbgsym: debug symbols for libc-bin
- libc-dev-bin: GNU C Library: Development binaries
- libc-dev-bin-dbgsym: debug symbols for libc-dev-bin
- libc6: GNU C Library: Shared libraries
- libc6-amd64: GNU C Library: 64bit Shared libraries for AMD64
- libc6-amd64-dbgsym: debug symbols for libc6-amd64
- libc6-armel: GNU C Library: ARM softfp shared libraries for armhf
- libc6-armel-dbgsym: debug symbols for libc6-armel
- libc6-dbg: GNU C Library: detached debugging symbols
- libc6-dev: GNU C Library: Development Libraries and Header Files
- libc6-dev-amd64: GNU C Library: 64bit Development Libraries for AMD64
- libc6-dev-armel: GNU C Library: ARM softfp development libraries for armhf
- libc6-dev-i386: GNU C Library: 32-bit development libraries for AMD64
- libc6-dev-s390: GNU C Library: 32bit Development Libraries for IBM zSeries
- libc6-dev-x32: GNU C Library: X32 ABI Development Libraries for AMD64
- libc6-i386: GNU C Library: 32-bit shared libraries for AMD64
- libc6-i386-dbgsym: debug symbols for libc6-i386
- libc6-lse: GNU C Library: Shared Libraries
- libc6-pic: GNU C Library: PIC archive library
- libc6-s390: GNU C Library: 32bit Shared libraries for IBM zSeries
- libc6-s390-dbgsym: debug symbols for libc6-s390
- libc6-udeb: GNU C Library: Shared libraries - udeb
- libc6-x32: GNU C Library: X32 ABI Shared libraries for AMD64
- libc6-x32-dbgsym: debug symbols for libc6-x32
- locales: GNU C Library: National Language (locale) data [support]
- locales-all: GNU C Library: Precompiled locale data
- multiarch-support: Transitional package to ensure multiarch compatibility
- nscd: GNU C Library: Name Service Cache Daemon
- nscd-dbgsym: debug symbols for nscd
Package files