glibc vulnerability CVE-2014-7817

Bug #1396471 reported by Pasi Sjöholm
Affects            Status          Importance   Assigned to        Milestone
eglibc (Ubuntu)    Invalid         Undecided    Unassigned
  Lucid            Fix Released    Medium       Marc Deslauriers
  Precise          Fix Released    Medium       Marc Deslauriers
  Trusty           Fix Released    Medium       Marc Deslauriers
  Utopic           Invalid         Undecided    Unassigned
  Vivid            Invalid         Undecided    Unassigned
glibc (Ubuntu)     Fix Released    Medium       Adam Conrad
  Lucid            Invalid         Undecided    Unassigned
  Precise          Invalid         Undecided    Unassigned
  Trusty           Invalid         Undecided    Unassigned
  Utopic           Fix Released    Medium       Marc Deslauriers
  Vivid            Fix Released    Medium       Adam Conrad

information type: Private Security → Public Security
Changed in eglibc (Ubuntu):
status: New → Confirmed
Changed in eglibc (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in eglibc (Ubuntu Utopic):
status: New → Invalid
Changed in eglibc (Ubuntu Vivid):
status: Confirmed → Invalid
Changed in glibc (Ubuntu Lucid):
status: New → Invalid
Changed in glibc (Ubuntu Precise):
status: New → Invalid
Changed in glibc (Ubuntu Trusty):
status: New → Invalid
Changed in glibc (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
status: New → Confirmed
Changed in glibc (Ubuntu Vivid):
assignee: nobody → adicarlo (adam)
importance: Undecided → Medium
status: New → Confirmed
assignee: adicarlo (adam) → Adam Conrad (adconrad)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-10ubuntu2.1

---------------
glibc (2.19-10ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Fri, 28 Nov 2014 10:48:58 -0500

Changed in glibc (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.19

---------------
eglibc (2.11.1-0ubuntu7.19) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:24:33 -0500

Changed in eglibc (Ubuntu Lucid):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.19-0ubuntu6.4

---------------
eglibc (2.19-0ubuntu6.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 12:05:33 -0500

Changed in eglibc (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu10.9

---------------
eglibc (2.15-0ubuntu10.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:21:12 -0500

Changed in eglibc (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-13ubuntu3

---------------
glibc (2.19-13ubuntu3) vivid; urgency=medium

  * any/cvs-CVE-2014-7817.diff: Backport fix from trunk for wordexp,
    making it honour the WRDE_NOCMD flag in all cases (LP: #1396471)
  * Update to release/2.19/master, fixing arm64 frame bug in _start.
 -- Adam Conrad <email address hidden> Thu, 04 Dec 2014 16:56:41 -0700

Changed in glibc (Ubuntu Vivid):
status: Confirmed → Fix Released
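
The changelog entries above describe the fix as making wordexp honour WRDE_NOCMD in all cases. The following is an added example, not code from glibc, Ubuntu or this report: a caller-side wrapper that refuses command-substitution syntax before the input reaches wordexp, so the application does not depend on the library flag alone. The names expand_untrusted, has_cmd_subst, library_refuses_cmdsub and the return codes are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical return codes for this example. */
enum { EXPAND_OK = 0, EXPAND_REJECTED = -1, EXPAND_FAILED = -2 };

/* Conservative scan: any backtick or "$(" is refused, even inside quotes.
 * Matching "$(" also refuses arithmetic expansion, which over-blocks but
 * keeps the filter simple to audit. */
static int has_cmd_subst(const char *s)
{
    for (; *s; s++)
        if (*s == '`' || (s[0] == '$' && s[1] == '('))
            return 1;
    return 0;
}

/* Expand untrusted input: pre-filter first, then still pass WRDE_NOCMD. */
int expand_untrusted(const char *input, wordexp_t *out)
{
    memset(out, 0, sizeof *out);
    if (has_cmd_subst(input))
        return EXPAND_REJECTED;
    int rc = wordexp(input, out, WRDE_NOCMD);
    if (rc == WRDE_NOSPACE)
        wordfree(out);          /* partial results may have been allocated */
    return rc == 0 ? EXPAND_OK : EXPAND_FAILED;
}

/* Baseline check that the installed libc returns WRDE_CMDSUB for a plain
 * substitution. It does not prove the CVE-2014-7817 patch is present; the
 * package versions listed in this report determine that. */
int library_refuses_cmdsub(void)
{
    wordexp_t we;
    int rc = wordexp("$(echo constructed)", &we, WRDE_NOCMD);
    if (rc == 0)
        wordfree(&we);
    return rc == WRDE_CMDSUB;
}

int main(void)
{
    wordexp_t we;
    printf("libc baseline: %d\n", library_refuses_cmdsub());
    printf("filtered: %d\n", expand_untrusted("`echo constructed`", &we));
    if (expand_untrusted("alpha beta", &we) == EXPAND_OK) {
        printf("words: %zu\n", we.we_wordc);
        wordfree(&we);
    }
    return 0;
}
```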