Package "libc6-prof"
Name: libc6-prof
Description: Embedded GNU C Library: Profiling Libraries
Latest version: 2.19-0ubuntu6.15
Release: trusty (14.04)
Level: updates
Repository: main
Head package: eglibc
Homepage: http://www.eglibc.org
Changelog
eglibc (2.19-0ubuntu6.15) trusty-security; urgency=medium
* Fix NSS loading for static binaries (LP: #1821752)
- debian/patches/any/local-static-dlopen-search-path.diff: fix static
dlopen default library search path in elf/dl-support.c.
-- Marc Deslauriers <email address hidden> Tue, 26 Mar 2019 09:53:00 -0400
LP #1821752: libc6 version 2.19 breaks NSS loading for static binaries
eglibc (2.19-0ubuntu6.14) trusty-security; urgency=medium
* SECURITY UPDATE: Memory leak in dynamic loader (ld.so)
- debian/patches/any/cvs-compute-correct-array-size-in-_dl_init_paths.diff:
Compute correct array size in _dl_init_paths
- CVE-2017-1000408
* SECURITY UPDATE: Buffer overflow in dynamic loader (ld.so)
- debian/patches/any/cvs-count-components-of-expanded-path-in-_dl_init_paths.diff:
Count components of the expanded path in _dl_init_path
- CVE-2017-1000409
* SECURITY UPDATE: One-byte overflow in glob
- debian/patches/any/cvs-fix-one-byte-glob-overflow.diff: Fix one-byte
overflow in glob
- CVE-2017-15670
* SECURITY UPDATE: Buffer overflow in glob
- debian/patches/any/cvs-fix-glob-buffer-overflow.diff: Fix buffer overflow
during GLOB_TILDE unescaping
- CVE-2017-15804
* SECURITY UPDATE: Local privilege escalation via mishandled RPATH / RUNPATH
- debian/patches/any/cvs-elf-check-for-empty-tokens.diff: elf: Check for
empty tokens before dynamic string token expansion
- CVE-2017-16997
* SECURITY UPDATE: Buffer underflow in realpath()
- debian/patches/any/cvs-make-getcwd-fail-if-path-is-no-absolute.diff:
Make getcwd(3) fail if it cannot obtain an absolute path
- CVE-2018-1000001
-- Chris Coulson <email address hidden> Mon, 15 Jan 2018 09:37:19 +0000
eglibc (2.19-0ubuntu6.13) trusty-security; urgency=medium
* SECURITY UPDATE: LD_LIBRARY_PATH stack corruption
- debian/patches/any/CVE-2017-1000366.patch: Completely ignore
LD_LIBRARY_PATH for AT_SECURE=1 programs
- CVE-2017-1000366
* SECURITY UPDATE: LD_PRELOAD stack corruption
- debian/patches/any/upstream-harden-rtld-Reject-overly-long-LD_PRELOAD.patch:
Reject overly long names or names containing directories in
LD_PRELOAD for AT_SECURE=1 programs.
* debian/patches/any/cvs-harden-glibc-malloc-metadata.patch: add
additional consistency check for 1-byte overflows
* debian/patches/any/cvs-harden-ignore-LD_HWCAP_MASK.patch: ignore
LD_HWCAP_MASK for AT_SECURE=1 programs
-- Steve Beattie <email address hidden> Fri, 16 Jun 2017 12:06:00 -0700
eglibc (2.19-0ubuntu6.11) trusty-security; urgency=medium
* REGRESSION UPDATE: Previous update introduced ABI breakage in
internal glibc query ABI
- Back out patches/any/CVE-2015-5180-regression.diff
(LP: #1674532)
-- Steve Beattie <email address hidden> Tue, 21 Mar 2017 03:28:13 -0700
CVE-2015-5180: DNS resolver NULL pointer dereference with crafted record type
eglibc (2.19-0ubuntu6.10) trusty-security; urgency=medium
* SECURITY UPDATE: multiple overflows in strxfrm()
- patches/any/CVE-2015-8982.diff: Fix memory handling in strxfrm_l
- CVE-2015-8982
* SECURITY UPDATE: _IO_wstr_overflow integer overflow
- patches/any/CVE-2015-8983.diff: Add checks for integer overflow
- CVE-2015-8983
* SECURITY UPDATE: buffer overflow (read past end of buffer) in
internal_fnmatch
- patches/any/CVE-2015-8984.diff: Remove extra increment when
skipping over collating symbol inside a bracket expression.
- CVE-2015-8984
* SECURITY UPDATE: DNS resolver NULL pointer dereference with
crafted record type
- patches/any/CVE-2015-5180.diff: Use out of band signaling for
internal queries
- CVE-2015-5180
* SECURITY UPDATE: stack-based buffer overflow in the glob
implementation
- patches/any/CVE-2016-1234.diff: Simplify the interface for the
GLOB_ALTDIRFUNC callback gl_readdir
- CVE-2016-1234
* SECURITY UPDATE: getaddrinfo: stack overflow in hostent conversion
- patches/any/CVE-2016-3706.diff: Use a heap allocation instead
- CVE-2016-3706:
* SECURITY UPDATE: stack exhaustion in clntudp_call
- patches/any/CVE-2016-4429.diff: Use malloc/free for the error
payload.
- CVE-2016-4429
* SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
- patches/any/CVE-2016-6323.diff: mark __startcontext as
.cantunwind
- CVE-2016-6323
* debian/testsuite-checking/expected-results-aarch64-linux-gnu-libc,
debian/testsuite-checking/expected-results-arm-linux-gnueabihf-libc:
Allow nptl/tst-signal6 to fail on ARM, ARM64
-- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:49:25 -0800
CVE-2015-8982: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial o
CVE-2015-8983: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ...
CVE-2015-8984: The fnmatch function in the GNU C Library (aka glibc or libc6) before ...
CVE-2015-5180: DNS resolver NULL pointer dereference with crafted record type
CVE-2016-1234: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende
CVE-2016-3706: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack
CVE-2016-4429: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus
CVE-2016-6323: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI