Univention Bugzilla – Bug 55326
glibc: Multiple issues (5.0)
Last modified: 2022-10-20 13:41:19 CEST
New Debian glibc 2.28-10+deb10u2 fixes:
This update addresses the following issues:

2.28-10+deb10u1 (Tue, 15 Mar 2022 23:48:49 +0100)
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch:
  - Add more integrity check to malloc() function.
  - Fix crash in _IO_wfile_sync.
  - Fix bad free() in libdl if dlerror() is not used.
  - Fix overflow in glibc.malloc.tcache_count tunable.
  - Fix old x86 applications crash on exit() under valgrind.
  - Remove copy_file_range emulation. The kernel interface has evolved and the glibc emulation doesn't match it anymore, so it's better for it to return -ENOSYS. This only impacts Linux kernels << 4.8.
  - Avoid lazy binding of symbols that may follow a variant PCS on arm64, to support binaries using AdvSIMD and SVE vector calls.
  - Fix large mmap64 offset for the N32 ABI on mips/mipsel/mips64el.
  - Improve string functions performances on arm64.
* debian/patches/any/git-libio-stdout-putc.diff: refresh.
* debian/debhelper.in/libc.preinst: simplify the version comparison by only comparing the two first parts, now that kernel 2.X are not supported anymore.
* debian/debhelper.in/libc.preinst: drop the check for kernel release > 255 now that glibc and preinstall script are fixed.
* iconv program can hang when invoked with the -c option (CVE-2016-10228)
* LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
* buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)
* use-after-free in glob() function when expanding ~user (CVE-2020-1752)
* signed comparison vulnerability in the ARMv7 memcpy function (CVE-2020-6096)
* stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)
* iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)
* Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)
* Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)
* Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645)
* mq_notify does not handle separately allocated thread attributes (CVE-2021-33574)
* Arbitrary read in wordexp() (CVE-2021-35942)
* Stack-based buffer overflow in svcunix_create via long pathnames (CVE-2022-23218)
* Stack-based buffer overflow in sunrpc clnt_create via a long pathname (CVE-2022-23219)
--- mirror/ftp/pool/main/g/glibc/glibc_2.28-10+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/glibc_2.28-10+deb10u2.dsc @@ -1,3 +1,21 @@ +2.28-10+deb10u2 [Sat, 08 Oct 2022 17:53:16 +0200] Helmut Grohne <helmut@subdivi.de>: + + * Non-maintainer upload by LTS team. + * CVE-2016-10228 iconv option parsing Closes: #856503 + * CVE-2019-19126 setuid environment filtering Closes: #945250 + * CVE-2019-25013 oob read in iconv Closes: #979273 + * CVE-2020-1752 use after free in glob Closes: #953788 + * CVE-2020-6096 [arm] memcpy underflow Closes: #961452 + * CVE-2020-10029 sinl buffer overflow Closes: #953108 + * CVE-2020-27618 iconv infinite loop Closes: #973914 + * CVE-2021-3326 iconv abort Closes: #981198 + * CVE-2021-3999 oob write for getcwd size 1 + * CVE-2021-27645 nscd double free Closes: #983479 + * CVE-2021-33574 mq_notify use after free Closes: #989147 + * CVE-2021-35942 wordexp input validation Closes: #990542 + * CVE-2022-23218 svcunix_create buffer overflow + * CVE-2022-23219 clnt_create buffer overflow + 2.28-10+deb10u1 [Tue, 15 Mar 2022 23:48:49 +0100] Aurelien Jarno <aurel32@debian.org>: [ Aurelien Jarno ] <http://piuparts.knut.univention.de/5.0-2/#2441511648471421374>
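Review bot: In the new 2.28-10+deb10u2 stanza, the entry for CVE-2021-27645 reads "nscd double free", while the erratum description on this page calls the same CVE a use-after-free in addgetnetgrentX in netgroupcache.c; the two texts should name the same bug class, so align one with the other before the erratum is announced. The entries for CVE-2021-3999, CVE-2022-23218 and CVE-2022-23219 also carry no "Closes:" reference, unlike the other eleven entries; confirm that no tracking bug exists for them. Finally, "sinl buffer overflow" for CVE-2020-10029 is narrower than the description's cosl, sinl, sincosl and tanl, which matters to anyone searching the changelog by function name.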
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] ea45314a93 Bug #55326: glibc 2.28-10+deb10u2
 doc/errata/staging/glibc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-2] 2fdb0baa34 Bug #55326: glibc 2.28-10+deb10u2
 doc/errata/staging/glibc.yaml | 49 +++++++++++++------------------------------
 1 file changed, 15 insertions(+), 34 deletions(-)

[5.0-2] b7f900974e Bug #55326: glibc 2.28-10+deb10u2
 doc/errata/staging/glibc.yaml | 66 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x462>