Univention Bugzilla – Bug 29145
eglibc: Multiple issues (3.1)
Last modified: 2019-04-11 19:25:48 CEST
+++ This bug was initially created as a clone of Bug #25842 +++
\item Insufficient error handling in the addmntent helper (CVE-2011-1089)
\item Insufficient memory allocation in the handling of format strings (CVE-2012-3404)
\item Faulty memory management with alloca() (CVE-2012-3405, CVE-2012-3406)
\item Integer overflows in the memory allocation of the strto functions (CVE-2012-3480)
\item Stack overflow in strcoll() (CVE-2012-4424)
\item Integer overflow in strcoll() (CVE-2012-4412)
Denial of service when processing regular expressions with multibyte characters (CVE-2013-0242)
stack overflow in getaddrinfo() (CVE-2013-1914)
PTR_MANGLE encrypts pointers as a countermeasure against buffer overflows. When linking statically, this mangling doesn't work correctly. The impact on UCS is negligible, since the software shipped in UCS/Debian is dynamically linked (with very few exceptions). (CVE-2013-4788)
Insecure pseudotty ownership changes in pt_chown (CVE-2013-2207)
Missing sanitising for path length in readdir_r() (CVE-2013-4237)
Multiple integer overflows in pvalloc(), valloc() and posix_memalign/memalign/aligned_alloc() (CVE-2013-4332)
Stack overflow in getaddrinfo() (CVE-2013-4357)
Stack frame overflow in getaddrinfo() for IPv6 sockets (CVE-2013-4458)
The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.