Package "klibc"
Name: |
klibc
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- small utilities built with klibc for early boot
- minimal libc subset for use with initramfs
- kernel headers used during the build of klibc
|
Latest version: |
2.0.7-1ubuntu5.2 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "klibc" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
klibc (2.0.7-1ubuntu5.2) focal-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in usr/klibc/zlib/inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic
- debian/patches/CVE-2016-9841.patch: remove offset pointer optimization
in usr/klibc/zlib/inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: memory corruption during compression
- debian/patches/CVE-2018-25032.patch: addresses a bug that can crash
deflate on rare inputs when using Z_FIXED.
- CVE-2018-25032
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2022-37434-1.patch: adds an extra condition to check
if state->head->extra_max is greater than len before copying, and moves
the len assignment to be placed before the check in
usr/klibc/zlib/inflate.c.
- debian/patches/CVE-2022-37434-2.patch: in the previous patch, the
placement of the len assignment was causing issues so it was moved
within the conditional check.
- CVE-2022-37434
-- Ian Constantin <email address hidden> Sat, 13 Apr 2024 12:35:16 +0300
|
Source diff to previous version |
CVE-2016-9840 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
CVE-2016-9841 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
CVE-2018-25032 |
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CVE-2022-37434 |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only appl |
|
klibc (2.0.7-1ubuntu5.1) focal-security; urgency=medium
* SECURITY UPDATE: integer overflow in calloc
- debian/patches/CVE-2021-31870.patch: add overflow check
when performing the multiplication in usr/klibc/calloc.c.
- CVE-2021-31870
* SECURITY UPDATE: integer overflow in cpio
- debian/patches/CVE-2021-31871.patch: remove cast to unsigned
to avoid a possible overflow in 64 bit systems in
usr/utils/cpio.c.
- CVE-2021-31871
* SECURITY UPDATE: integer overflow in read_in_new_ascii
- debian/patches/CVE-2021-31872.patch: ensure that c_namesize
and c_filesize are smaller than LONG_MAX in usr/utils/cpio.c.
- CVE-2021-31872
* SECURITY UPDATE: integer overflow in malloc
- debian/patches/CVE-2021-31873.patch: ensure that size is smaller
than PTRDIFF_MAX in usr/klibc/malloc.c.
- CVE-2021-31873
-- David Fernandez Gonzalez <email address hidden> Wed, 13 Apr 2022 10:40:18 +0200
|
CVE-2021-31870 |
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer |
CVE-2021-31871 |
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. |
CVE-2021-31872 |
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overf |
CVE-2021-31873 |
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer over |
|
About
-
Send Feedback to @ubuntu_updates