UbuntuUpdates.org

Package "libc6-dev"

Name: libc6-dev

Description:

GNU C Library: Development Libraries and Header Files
Latest version: 2.35-0ubuntu3.11
Release: jammy (22.04)
Level: security
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libc6-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libc6-dev" in Jammy

Repository Area Version
base main 2.35-0ubuntu3
updates main 2.35-0ubuntu3.12

Changelog

Version: 2.35-0ubuntu3.11 2025-09-22 20:07:08 UTC

  glibc (2.35-0ubuntu3.11) jammy-security; urgency=medium

  * SECURITY UPDATE: double-free in regcomp function
    - debian/patches/any/CVE-2025-8058.patch: fix double-free after
      allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
      posix/tst-regcomp-bracket-free.c.
    - CVE-2025-8058

 -- Marc Deslauriers <email address hidden> Wed, 17 Sep 2025 11:26:08 -0400
Source diff to previous version
CVE-2025-8058 The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accompl

Version: 2.35-0ubuntu3.10 2025-05-28 13:07:12 UTC

  glibc (2.35-0ubuntu3.10) jammy-security; urgency=medium

  * SECURITY UPDATE: privelege escalation issue
    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
      and debug env var for setuid for static
    - CVE-2025-4802

 -- Nishit Majithia <email address hidden> Mon, 26 May 2025 12:55:00 +0530
Source diff to previous version
CVE-2025-4802 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamica

Version: 2.35-0ubuntu3.9 2025-02-08 17:06:59 UTC

  glibc (2.35-0ubuntu3.9) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in the assert function.
    - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP
      calculation and include libc-pointer-arith.h in assert/assert.c and
      sysdeps/posix/libc_fatal.c.
    - CVE-2025-0395

 -- Hlib Korzhynskyy <email address hidden> Tue, 28 Jan 2025 16:55:30 -0330
Source diff to previous version
CVE-2025-0395 When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message stri

Version: 2.35-0ubuntu3.8 2024-05-29 18:08:17 UTC

  glibc (2.35-0ubuntu3.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-
      based buffer overflow in netgroup cache.
    - CVE-2024-33599
  * SECURITY UPDATE: Null pointer
    - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid
      null pointer crashes after notfound response.
    - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do
      not send missing not-found response in addgetnetgrentX.
    - CVE-2024-33600
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-
      2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.
    - CVE-2024-33601
    - CVE-2024-33602

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 06 May 2024 17:34:28 -0300
Source diff to previous version
CVE-2024-33599 nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600 nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

Version: 2.35-0ubuntu3.7 2024-04-18 14:06:54 UTC

  glibc (2.35-0ubuntu3.7) jammy-security; urgency=medium

  * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
    - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
      writing escape sequence in iconvdata/Makefile,
      iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
    - CVE-2024-2961

 -- Marc Deslauriers <email address hidden> Tue, 16 Apr 2024 09:40:36 -0400
CVE-2024-2961 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string


About   -   Send Feedback to @ubuntu_updates