UbuntuUpdates.org

Package "libklibc"

Name: libklibc

Description:

minimal libc subset for use with initramfs

Latest version: 2.0.4-9ubuntu2.2
Release: bionic (18.04)
Level: updates
Repository: main
Head package: klibc
Homepage: https://git.kernel.org/cgit/libs/klibc/klibc.git

Other versions of "libklibc" in Bionic

Repository Area Version
base main 2.0.4-9ubuntu2
security main 2.0.4-9ubuntu2.1

Changelog

Version: 2.0.4-9ubuntu2.2 2022-06-09 17:06:21 UTC

  klibc (2.0.4-9ubuntu2.2) bionic; urgency=medium

  [ Khaled Elmously ]
  * d/p/lp1947099-honour-user-requested-timeouts-in-all-cases.patch:
    Honour user-specified timeouts even in error cases. (LP: #1947099)

  [ Mauricio Faria de Oliveira ]
  * d/p/lp1947099-fix-for-no-timeout-specified.patch: Check for an
    user-specified timeout before checking/adjusting timeout values.

 -- Mauricio Faria de Oliveira <email address hidden> Mon, 25 Apr 2022 11:39:01 -0300

1947099 ipconfig does not honour user-requested timeouts in some cases

Version: 2.0.4-9ubuntu2.1 2022-04-18 10:06:22 UTC

  klibc (2.0.4-9ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in calloc
    - debian/patches/CVE-2021-31870.patch: add overflow check
      when performing the multiplication in usr/klibc/calloc.c.
    - CVE-2021-31870
  * SECURITY UPDATE: integer overflow in cpio
    - debian/patches/CVE-2021-31871.patch: remove cast to unsigned
      to avoid a possible overflow in 64 bit systems in
      usr/utils/cpio.c.
    - CVE-2021-31871
  * SECURITY UPDATE: integer overflow in read_in_new_ascii
    - debian/patches/CVE-2021-31872.patch: ensure that c_namesize
      and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
    - CVE-2021-31872
  * SECURITY UPDATE: integer overflow in malloc
    - debian/patches/CVE-2021-31873.patch: ensure that size is smaller
      than PTRDIFF_MAX in usr/klibc/malloc.c.
    - CVE-2021-31873

 -- David Fernandez Gonzalez <email address hidden> Wed, 13 Apr 2022 10:41:23 +0200

CVE-2021-31870 An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer
CVE-2021-31871 An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
CVE-2021-31872 An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overf
CVE-2021-31873 An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer over


