UbuntuUpdates.org

Package "libc6-dev"

Name: libc6-dev

Description:

GNU C Library: Development Libraries and Header Files
Latest version: 2.23-0ubuntu11.3
Release: xenial (16.04)
Level: security
Repository: main
Head package: glibc
Homepage: http://www.gnu.org/software/libc/libc.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libc6-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libc6-dev" in Xenial

Repository Area Version
base main 2.23-0ubuntu3
updates main 2.23-0ubuntu11.3

Changelog

Version: 2.23-0ubuntu6 2017-03-21 02:06:53 UTC

  glibc (2.23-0ubuntu6) xenial-security; urgency=medium

  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: use out of band signaling for
      internal queries
    - CVE-2015-5180
  * Rebuild to get the following fixes into the xenial-security pocket:
    - SECURITY UPDATE: stack-based buffer overflow in the glob
      implementation
      + patches/git-updates.diff: Simplify the interface for the
        GLOB_ALTDIRFUNC callback gl_readdir
      + CVE-2016-1234
    - SECURITY UPDATE: getaddrinfo: stack overflow in hostent
      conversion
      + patches/git-updates.diff: Use a heap allocation instead
      + CVE-2016-3706:
    - SECURITY UPDATE: stack exhaustion in clntudp_call
      + patches/git-updates.diff: Use malloc/free for the error
        payload.
      + CVE-2016-4429
    - SECURITY UPDATE: memory exhaustion DoS in libresolv
      + patches/git-updates.diff: Simplify handling of nameserver
        configuration in resolver
      + CVE-2016-5417
    - SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
      + patches/git-updates.diff: mark __startcontext as .cantunwind
      + CVE-2016-6323

 -- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:47:32 -0800
CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type
CVE-2016-1234 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende
CVE-2016-3706 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack
CVE-2016-4429 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus
CVE-2016-5417 Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows
CVE-2016-6323 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI


About   -   Send Feedback to @ubuntu_updates