UbuntuUpdates.org

Package "libc6"

Name: libc6

Description:

GNU C Library: Shared libraries

Latest version: 2.39-0ubuntu8.3
Release: noble (24.04)
Level: security
Repository: main
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html

Links


Download "libc6"


Other versions of "libc6" in Noble

Repository Area Version
base main 2.39-0ubuntu8
updates main 2.39-0ubuntu8.3

Changelog

Version: 2.39-0ubuntu8.3 2024-08-22 17:07:19 UTC

  glibc (2.39-0ubuntu8.3) noble; urgency=medium

  * Fix framepointer flags for s390x and ppc64el
    (LP: #2064538, LP: #2064539)

 -- Simon Chopin <email address hidden> Thu, 08 Aug 2024 16:47:42 +0200

Source diff to previous version

Version: 2.39-0ubuntu8.2 2024-05-29 18:08:27 UTC

  glibc (2.39-0ubuntu8.2) noble-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-
      based buffer overflow in netgroup cache.
    - CVE-2024-33599
  * SECURITY UPDATE: Null pointer
    - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid
      null pointer crashes after notfound response.
    - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do
      not send missing not-found response in addgetnetgrentX.
    - CVE-2024-33600
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-
      2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.
    - CVE-2024-33601
    - CVE-2024-33602

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 30 Apr 2024 15:02:13 -0300

Source diff to previous version
CVE-2024-33599 nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600 nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

Version: 2.39-0ubuntu8.1 2024-04-29 13:07:04 UTC

  glibc (2.39-0ubuntu8.1) noble-security; urgency=medium

  * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
    - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
      writing escape sequence in iconvdata/Makefile,
      iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
    - CVE-2024-2961

 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:52:32 -0400

CVE-2024-2961 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string



About   -   Send Feedback to @ubuntu_updates