glibc 2.31-0ubuntu9.7 source package in Ubuntu

Changelog

glibc (2.31-0ubuntu9.7) focal-security; urgency=medium

  * SECURITY UPDATE: infinite loop in iconv
    - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option
      parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c,
      iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c,
      iconv/tst-iconv_prog.sh, intl/dcigettext.c.
    - debian/patches/any/CVE-2016-10228-2.patch: handle translation output
      codesets with suffixes in iconv/Versions, iconv/gconv_charset.c,
      iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c,
      iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c.
    - CVE-2016-10228
  * SECURITY UPDATE: buffer over-read in iconv
    - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR
      conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c,
      iconvdata/ksc5601.h.
    - CVE-2019-25013
  * SECURITY UPDATE: another infinite loop in iconv
    - debian/patches/any/CVE-2020-27618.patch: fix issue in
      iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c.
    - CVE-2020-27618
  * SECURITY UPDATE: DoS via assert in iconv
    - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner
      loop bounds in iconv/Makefile, iconv/gconv_simple.c,
      iconv/tst-iconv8.c.
    - CVE-2020-29562
  * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy
    - debian/patches/any/CVE-2020-6096-pre1.patch: add
      support_blob_repeat_allocate_shared in support/blob_repeat.c,
      support/blob_repeat.h, support/tst-support_blob_repeat.c.
    - debian/patches/any/CVE-2020-6096-1.patch: add test case in
      string/Makefile, string/tst-memmove-overflow.c.
    - debian/patches/any/CVE-2020-6096-2.patch: mark test as XFAIL in
      string/tst-memmove-overflow.c, sysdeps/arm/Makefile.
    - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for
      negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S.
    - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for
      negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S.
    - debian/patches/any/CVE-2020-6096-5.patch: remove
      string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile.
    - CVE-2020-6096
  * SECURITY UPDATE: double-free in nscd
    - debian/patches/any/CVE-2021-27645.patch: track live allocation better
      in nscd/netgroupcache.c.
    - CVE-2021-27645
  * SECURITY UPDATE: assertion fail in iconv
    - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in
      ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c,
      iconvdata/iso-2022-jp-3.c.
    - CVE-2021-3326
  * SECURITY UPDATE: overflow in wordexp via crafted pattern
    - debian/patches/any/CVE-2021-35942.patch: handle overflow in
      positional parameter number in posix/wordexp-test.c, posix/wordexp.c.
    - CVE-2021-35942
  * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd()
    - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for
      size == 1 in sysdeps/posix/getcwd.c.
    - CVE-2021-3999
  * SECURITY UPDATE: DoS via long svcunix_create path argument
    - debian/patches/any/CVE-2022-23218-pre1.patch: add the
      __sockaddr_un_set function in include/sys/un.h, socket/Makefile,
      socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c.
    - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in
      sunrpc/svc_unix.c.
    - CVE-2022-23218
  * SECURITY UPDATE: DoS via long clnt_create hostname argument
    - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in
      sunrpc/clnt_gen.c.
    - CVE-2022-23219
  * debian/rules.d/build.mk: build with --with-default-link=no.
  * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in
    focal-proposed.

 -- Marc Deslauriers <email address hidden>  Thu, 24 Feb 2022 14:42:40 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
glibc_2.31.orig.tar.xz 16.5 MiB 2b22c7b04a36747d6c74796a73193a6f8856bfd1efc551b5db96baefa053fe5e
glibc_2.31-0ubuntu9.7.debian.tar.xz 850.1 KiB b6cb39b8e2b8d91dac7885fa71a0eb9a7935d9dc6815c18222632612d40f74f4
glibc_2.31-0ubuntu9.7.dsc 9.3 KiB 4b8fac4696fae5bf4625c573415aad26a3c603258284b9fde293dc742ac5dae8

Binary packages built by this source

glibc-doc: GNU C Library: Documentation

 Contains man pages for libpthread functions and the complete GNU C Library
 ChangeLog. The GNU C Library Reference manual has been moved into
 glibc-doc-reference for licensing reasons.

glibc-source: GNU C Library: sources

 This package contains the sources and patches which are needed to
 build glibc.

libc-bin: GNU C Library: Binaries

 This package contains utility programs related to the GNU C Library.
 .
  * catchsegv: catch segmentation faults in programs
  * getconf: query system configuration variables
  * getent: get entries from administrative databases
  * iconv, iconvconfig: convert between character encodings
  * ldd, ldconfig: print/configure shared library dependencies
  * locale, localedef: show/generate locale definitions
  * tzselect, zdump, zic: select/dump/compile time zones

libc-bin-dbgsym: debug symbols for libc-bin
libc-dev-bin: GNU C Library: Development binaries

 This package contains utility programs related to the GNU C Library
 development package.

libc-dev-bin-dbgsym: debug symbols for libc-dev-bin
libc6: GNU C Library: Shared libraries

 Contains the standard libraries that are used by nearly all programs on
 the system. This package includes shared versions of the standard C library
 and the standard math library, as well as many others.

libc6-amd64: GNU C Library: 64bit Shared libraries for AMD64

 This package includes shared versions of the standard C library and the
 standard math library, as well as many others. This is the 64bit version
 of the library, meant for AMD64 systems.

libc6-amd64-dbgsym: debug symbols for libc6-amd64
libc6-armel: GNU C Library: ARM softfp shared libraries for armhf

 This package includes shared versions of the standard C
 library and the standard math library, as well as many others.
 This is the ARM softfp version of the library, meant for armhf systems.

libc6-armel-dbgsym: debug symbols for libc6-armel
libc6-dbg: GNU C Library: detached debugging symbols

 This package contains the detached debugging symbols for the GNU C
 library.

libc6-dev: GNU C Library: Development Libraries and Header Files

 Contains the symlinks, headers, and object files needed to compile
 and link programs which use the standard C library.

libc6-dev-amd64: GNU C Library: 64bit Development Libraries for AMD64

 Contains the symlinks and object files needed to compile and link programs
 which use the standard C library. This is the 64bit version of the
 library, meant for AMD64 systems.

libc6-dev-armel: GNU C Library: ARM softfp development libraries for armhf

 Contains the symlinks and object files needed to compile and link programs
 which use the standard C library. This is the ARM softfp version of the
 library, meant for armhf systems.

libc6-dev-i386: GNU C Library: 32-bit development libraries for AMD64

 Contains the symlinks and object files needed to compile and link programs
 which use the standard C library. This is the 32bit version of the
 library, meant for AMD64 systems.

libc6-dev-s390: GNU C Library: 32bit Development Libraries for IBM zSeries

 Contains the symlinks and object files needed to compile and link programs
 which use the standard C library. This is the 32bit version of the
 library.

libc6-dev-x32: GNU C Library: X32 ABI Development Libraries for AMD64

 Contains the symlinks and object files needed to compile and link programs
 which use the standard C library. This is the X32 ABI version of the
 library, meant for amd64 systems.

libc6-i386: GNU C Library: 32-bit shared libraries for AMD64

 This package includes shared versions of the standard C
 library and the standard math library, as well as many others.
 This is the 32bit version of the library, meant for AMD64 systems.

libc6-i386-dbgsym: debug symbols for libc6-i386
libc6-lse: Dummy package.

 This package used to contain libraries optimized to support the "large
 system extensions", but such support is now contained in the base libraries
 in a way that works on all systems. This package is empty and can safely be
 removed.

libc6-pic: GNU C Library: PIC archive library

 Contains an archive library (ar file) composed of individual shared objects.
 This is used for creating a library which is a smaller subset of the
 standard libc shared library. The reduced library is used by debian-installer
 and may be useful for custom installation media and in embedded systems.

libc6-prof: GNU C Library: Shared Libraries

 Contains the standard libraries that are used by nearly all programs on
 the system. This package includes shared versions of the standard C library
 and the standard math library, as well as many others.
 .
 This package contains all libraries compiled for profiling.

libc6-s390: GNU C Library: 32bit Shared libraries for IBM zSeries

 This package includes shared versions of the standard C library and the
 standard math library, as well as many others. This is the 32bit version
 of the library.

libc6-s390-dbgsym: debug symbols for libc6-s390
libc6-udeb: GNU C Library: Shared libraries - udeb

 Contains the standard libraries that are used by nearly all programs on
 the system. This package includes shared versions of the standard C library
 and the standard math library, as well as many others.
 .
 This package contains a minimal set of libraries needed for the Debian
 installer. Do not install it on a normal system.

libc6-x32: GNU C Library: X32 ABI Shared libraries for AMD64

 This package includes shared versions of the standard C library and the
 standard math library, as well as many others. This is the X32 ABI version
 of the library, meant for AMD64 systems.

libc6-x32-dbgsym: debug symbols for libc6-x32
locales: GNU C Library: National Language (locale) data [support]

 Machine-readable data files, shared objects and programs used by the
 C library for localization (l10n) and internationalization (i18n) support.
 .
 This package contains tools to generate locale definitions from source
 files (included in this package). It allows you to customize which
 definitions actually get generated. This is a space-saver over how this
 package used to be, with all locales generated by default. This created
 a package that unpacked to an excess of 30 megs.

locales-all: GNU C Library: Precompiled locale data

 This package contains the precompiled locale data for all supported locales.
 A better alternative is to install the locales package and only select
 desired locales, but it can be useful on a low-memory machine because some
 locale files take a lot of memory to be compiled.

nscd: GNU C Library: Name Service Cache Daemon

 A daemon which handles passwd, group and host lookups
 for running programs and caches the results for the next
 query. You should install this package only if you use
 slow services like LDAP, NIS or NIS+.

nscd-dbgsym: debug symbols for nscd