UbuntuUpdates.org

Package "klibc"

Name: klibc

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • small utilities built with klibc for early boot
  • minimal libc subset for use with initramfs
  • kernel headers used during the build of klibc
Latest version: 2.0.4-9ubuntu2.1
Release: bionic (18.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "klibc" in Bionic

Repository Area Version
base main 2.0.4-9ubuntu2
updates main 2.0.4-9ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.4-9ubuntu2.1 2022-04-18 09:06:21 UTC

  klibc (2.0.4-9ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check
      when performing the multiplication in usr/klibc/calloc.c.
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned
      to avoid a possible overflow in 64 bit systems in
      usr/utils/cpio.c.
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize
      and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller
      than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873

 -- David Fernandez Gonzalez <email address hidden> Wed, 13 Apr 2022 10:41:23 +0200
CVE-2021-31870 An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer
CVE-2021-31871 An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
CVE-2021-31872 An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overf
CVE-2021-31873 An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer over


About   -   Send Feedback to @ubuntu_updates