{"id":"USN-3239-2","summary":"eglibc, glibc regression","details":"USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,\nthe fix for CVE-2015-5180 introduced an internal ABI change within\nthe resolver library. This update reverts the change. We apologize\nfor the inconvenience.\n\nPlease note that long-running services that were restarted to compensate\nfor the USN-3239-1 update may need to be restarted again.\n\nOriginal advisory details:\n\n It was discovered that the GNU C Library incorrectly handled the\n strxfrm() function. An attacker could use this issue to cause a denial\n of service or possibly execute arbitrary code. This issue only affected\n Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)\n \n It was discovered that an integer overflow existed in the\n _IO_wstr_overflow() function of the GNU C Library. An attacker could\n use this to cause a denial of service or possibly execute arbitrary\n code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04\n LTS. (CVE-2015-8983)\n \n It was discovered that the fnmatch() function in the GNU C Library\n did not properly handle certain malformed patterns. An attacker could\n use this to cause a denial of service. This issue only affected Ubuntu\n 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)\n \n Alexander Cherepanov discovered a stack-based buffer overflow in the\n glob implementation of the GNU C Library. An attacker could use this\n to specially craft a directory layout and cause a denial of service.\n (CVE-2016-1234)\n \n Florian Weimer discovered a NULL pointer dereference in the DNS\n resolver of the GNU C Library. An attacker could use this to cause\n a denial of service. (CVE-2015-5180)\n \n Michael Petlan discovered an unbounded stack allocation in the\n getaddrinfo() function of the GNU C Library. An attacker could use\n this to cause a denial of service. (CVE-2016-3706)\n \n Aldy Hernandez discovered an unbounded stack allocation in the sunrpc\n implementation in the GNU C Library. An attacker could use this to\n cause a denial of service. (CVE-2016-4429)\n \n Tim Ruehsen discovered that the getaddrinfo() implementation in the\n GNU C Library did not properly track memory allocations. An attacker\n could use this to cause a denial of service. This issue only affected\n Ubuntu 16.04 LTS. (CVE-2016-5417)\n \n Andreas Schwab discovered that the GNU C Library on ARM 32-bit\n platforms did not properly set up execution contexts. An attacker\n could use this to cause a denial of service. (CVE-2016-6323)\n","modified":"2026-04-22T09:33:45.367605Z","published":"2017-03-21T23:34:40Z","related":["UBUNTU-CVE-2015-5180"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3239-2"},{"type":"REPORT","url":"https://bugs.launchpad.net/bugs/1674532"}],"affected":[{"package":{"name":"eglibc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.11?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-0ubuntu6.11"}]}],"versions":["2.17-93ubuntu4","2.18-0ubuntu1","2.18-0ubuntu2","2.18-0ubuntu4","2.18-0ubuntu5","2.18-0ubuntu6","2.18-0ubuntu7","2.19-0ubuntu2","2.19-0ubuntu3","2.19-0ubuntu4","2.19-0ubuntu5","2.19-0ubuntu6","2.19-0ubuntu6.1","2.19-0ubuntu6.3","2.19-0ubuntu6.4","2.19-0ubuntu6.5","2.19-0ubuntu6.6","2.19-0ubuntu6.7","2.19-0ubuntu6.8","2.19-0ubuntu6.9","2.19-0ubuntu6.10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.19-0ubuntu6.11","binary_name":"eglibc-source"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc-bin"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc-dev-bin"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-amd64"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-armel"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-dev-amd64"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-dev-armel"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-dev-i386"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-dev-x32"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-i386"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-pic"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-ppc64"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-prof"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"libc6-x32"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"multiarch-support"},{"binary_version":"2.19-0ubuntu6.11","binary_name":"nscd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3239-2.json"}},{"package":{"name":"glibc","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/glibc@2.23-0ubuntu7?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.23-0ubuntu7"}]}],"versions":["2.21-0ubuntu4","2.21-0ubuntu5","2.21-0ubuntu6","2.23-0ubuntu1","2.23-0ubuntu2","2.23-0ubuntu3","2.23-0ubuntu4","2.23-0ubuntu5","2.23-0ubuntu6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.23-0ubuntu7","binary_name":"glibc-source"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc-bin"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc-dev-bin"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-amd64"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-armel"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-amd64"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-armel"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-i386"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-s390"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-dev-x32"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-i386"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-pic"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-ppc64"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-s390"},{"binary_version":"2.23-0ubuntu7","binary_name":"libc6-x32"},{"binary_version":"2.23-0ubuntu7","binary_name":"locales"},{"binary_version":"2.23-0ubuntu7","binary_name":"locales-all"},{"binary_version":"2.23-0ubuntu7","binary_name":"multiarch-support"},{"binary_version":"2.23-0ubuntu7","binary_name":"nscd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3239-2.json"}}],"schema_version":"1.7.5"}