{"id":"USN-3239-1","summary":"eglibc, glibc vulnerabilities","details":"It was discovered that the GNU C Library incorrectly handled the\nstrxfrm() function. An attacker could use this issue to cause a denial\nof service or possibly execute arbitrary code. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n\nIt was discovered that an integer overflow existed in the\n_IO_wstr_overflow() function of the GNU C Library. An attacker could\nuse this to cause a denial of service or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2015-8983)\n\nIt was discovered that the fnmatch() function in the GNU C Library\ndid not properly handle certain malformed patterns. An attacker could\nuse this to cause a denial of service. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n\nAlexander Cherepanov discovered a stack-based buffer overflow in the\nglob implementation of the GNU C Library. An attacker could use this\nto specially craft a directory layout and cause a denial of service.\n(CVE-2016-1234)\n\nFlorian Weimer discovered a NULL pointer dereference in the DNS\nresolver of the GNU C Library. An attacker could use this to cause\na denial of service. (CVE-2015-5180)\n\nMichael Petlan discovered an unbounded stack allocation in the\ngetaddrinfo() function of the GNU C Library. An attacker could use\nthis to cause a denial of service. (CVE-2016-3706)\n\nAldy Hernandez discovered an unbounded stack allocation in the sunrpc\nimplementation in the GNU C Library. An attacker could use this to\ncause a denial of service. (CVE-2016-4429)\n\nTim Ruehsen discovered that the getaddrinfo() implementation in the\nGNU C Library did not properly track memory allocations. An attacker\ncould use this to cause a denial of service. This issue only affected\nUbuntu 16.04 LTS. (CVE-2016-5417)\n\nAndreas Schwab discovered that the GNU C Library on ARM 32-bit\nplatforms did not properly set up execution contexts. An attacker\ncould use this to cause a denial of service. (CVE-2016-6323)\n","modified":"2026-02-10T04:41:06Z","published":"2017-03-21T02:58:45Z","related":["UBUNTU-CVE-2015-5180","UBUNTU-CVE-2015-8982","UBUNTU-CVE-2015-8983","UBUNTU-CVE-2015-8984","UBUNTU-CVE-2016-1234","UBUNTU-CVE-2016-3706","UBUNTU-CVE-2016-4429","UBUNTU-CVE-2016-5417","UBUNTU-CVE-2016-6323"],"upstream":["CVE-2015-5180","CVE-2015-8982","CVE-2015-8983","CVE-2015-8984","CVE-2016-1234","CVE-2016-3706","CVE-2016-4429","CVE-2016-5417","CVE-2016-6323","UBUNTU-CVE-2015-5180","UBUNTU-CVE-2015-8982","UBUNTU-CVE-2015-8983","UBUNTU-CVE-2015-8984","UBUNTU-CVE-2016-1234","UBUNTU-CVE-2016-3706","UBUNTU-CVE-2016-4429","UBUNTU-CVE-2016-5417","UBUNTU-CVE-2016-6323"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3239-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5180"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8982"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8983"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8984"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1234"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-3706"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4429"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5417"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6323"}],"affected":[{"package":{"name":"eglibc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.10?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-0ubuntu6.10"}]}],"versions":["2.17-93ubuntu4","2.18-0ubuntu1","2.18-0ubuntu2","2.18-0ubuntu4","2.18-0ubuntu5","2.18-0ubuntu6","2.18-0ubuntu7","2.19-0ubuntu2","2.19-0ubuntu3","2.19-0ubuntu4","2.19-0ubuntu5","2.19-0ubuntu6","2.19-0ubuntu6.1","2.19-0ubuntu6.3","2.19-0ubuntu6.4","2.19-0ubuntu6.5","2.19-0ubuntu6.6","2.19-0ubuntu6.7","2.19-0ubuntu6.8","2.19-0ubuntu6.9"],"ecosystem_specific":{"binaries":[{"binary_name":"eglibc-source","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc-bin","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc-dev-bin","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-amd64","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-armel","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev-amd64","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev-armel","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev-i386","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev-ppc64","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-dev-x32","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-i386","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-pic","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-ppc64","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-prof","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"libc6-x32","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"multiarch-support","binary_version":"2.19-0ubuntu6.10"},{"binary_name":"nscd","binary_version":"2.19-0ubuntu6.10"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3239-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8982"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8983"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-8984"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-1234"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-3706"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-4429"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6323"}]}}},{"package":{"name":"glibc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/glibc@2.23-0ubuntu6?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.23-0ubuntu6"}]}],"versions":["2.21-0ubuntu4","2.21-0ubuntu5","2.21-0ubuntu6","2.23-0ubuntu1","2.23-0ubuntu2","2.23-0ubuntu3","2.23-0ubuntu4","2.23-0ubuntu5"],"ecosystem_specific":{"binaries":[{"binary_name":"glibc-source","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc-bin","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc-dev-bin","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-amd64","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-armel","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-amd64","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-armel","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-i386","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-ppc64","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-s390","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-dev-x32","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-i386","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-pic","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-ppc64","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-s390","binary_version":"2.23-0ubuntu6"},{"binary_name":"libc6-x32","binary_version":"2.23-0ubuntu6"},{"binary_name":"locales","binary_version":"2.23-0ubuntu6"},{"binary_name":"locales-all","binary_version":"2.23-0ubuntu6"},{"binary_name":"multiarch-support","binary_version":"2.23-0ubuntu6"},{"binary_name":"nscd","binary_version":"2.23-0ubuntu6"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3239-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-1234"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-3706"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-4429"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-5417"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2016-6323"}]}}}],"schema_version":"1.7.3"}