Package "multiarch-support"
Name: |
multiarch-support
|
Description: |
Transitional package to ensure multiarch compatibility
|
Latest version: |
2.23-0ubuntu11.3 |
Release: |
xenial (16.04) |
Level: |
updates |
Repository: |
main |
Head package: |
glibc |
Homepage: |
http://www.gnu.org/software/libc/libc.html |
Links
Download "multiarch-support"
Other versions of "multiarch-support" in Xenial
Changelog
glibc (2.23-0ubuntu7) xenial-security; urgency=medium
* REGRESSION UPDATE: Previous update introduced ABI breakage in
internal glibc query ABI
- Revert patches/any/CVE-2015-5180-regression.diff
(LP: #1674532)
-- Steve Beattie <email address hidden> Tue, 21 Mar 2017 08:54:23 -0700
|
Source diff to previous version |
CVE-2015-5180 |
DNS resolver NULL pointer dereference with crafted record type |
|
glibc (2.23-0ubuntu6) xenial-security; urgency=medium
* SECURITY UPDATE: DNS resolver NULL pointer dereference with
crafted record type
- patches/any/CVE-2015-5180.diff: use out of band signaling for
internal queries
- CVE-2015-5180
* Rebuild to get the following fixes into the xenial-security pocket:
- SECURITY UPDATE: stack-based buffer overflow in the glob
implementation
+ patches/git-updates.diff: Simplify the interface for the
GLOB_ALTDIRFUNC callback gl_readdir
+ CVE-2016-1234
- SECURITY UPDATE: getaddrinfo: stack overflow in hostent
conversion
+ patches/git-updates.diff: Use a heap allocation instead
+ CVE-2016-3706:
- SECURITY UPDATE: stack exhaustion in clntudp_call
+ patches/git-updates.diff: Use malloc/free for the error
payload.
+ CVE-2016-4429
- SECURITY UPDATE: memory exhaustion DoS in libresolv
+ patches/git-updates.diff: Simplify handling of nameserver
configuration in resolver
+ CVE-2016-5417
- SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
+ patches/git-updates.diff: mark __startcontext as .cantunwind
+ CVE-2016-6323
-- Steve Beattie <email address hidden> Mon, 06 Mar 2017 16:47:32 -0800
|
Source diff to previous version |
CVE-2015-5180 |
DNS resolver NULL pointer dereference with crafted record type |
CVE-2016-1234 |
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-depende |
CVE-2016-3706 |
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attack |
CVE-2016-4429 |
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to caus |
CVE-2016-5417 |
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows |
CVE-2016-6323 |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI |
|
glibc (2.23-0ubuntu5) xenial; urgency=medium
* Disable lock-elision on all targets to avoid regressions (LP: #1642390)
-- Adam Conrad <email address hidden> Wed, 16 Nov 2016 13:53:50 -0700
|
Source diff to previous version |
1642390 |
Disable lock-elision in glibc pending upstream changes |
|
glibc (2.23-0ubuntu4) xenial; urgency=medium
* debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
* debian/patches/git-updates.diff: Update from release/2.23/master branch:
- Include fix for potential makecontext() hang on ARMv7 (CVE-2016-6323)
- Include fix for SEGV in sock_eq with nss_hesiod module (LP: #1571456)
- Include malloc fixes, addressing multithread deadlocks (LP: #1630302)
- debian/patches/hurd-i386/cvs-libpthread.so.diff: Dropped, upstreamed.
- debian/patches/any/submitted-argp-attribute.diff: Dropped, upstreamed.
- debian/patches/hurd-i386/tg-hurdsig-fixes-2.diff: Rebased to upstream.
* debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
* debian/patches/any/cvs-cos-precision.diff: Fix cos() bugs (LP: #1614966)
* debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.
-- Adam Conrad <email address hidden> Fri, 14 Oct 2016 00:00:34 -0600
|
1571456 |
id crashed with SIGSEGV in sock_eq() |
1630302 |
Multi-threaded luaJIT application hangs; apparent deadlock in GLIBC |
1577460 |
mkinitramfs --help \u003e Core dumped |
1614966 |
libc has broken cos implementation |
CVE-2016-6323 |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI |
|
About
-
Send Feedback to @ubuntu_updates