Univention Bugzilla – Bug 46617
glibc: Multiple issues (4.3)
Last modified: 2018-05-16 17:03:58 CEST
New Debian glibc 2.24-11+deb9u3 fixes: This update addresses the following issue(s): * The DNS stub resolver, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation. (CVE-2017-12133) * Fix a buffer overrun in rpcgen. * Fix strlen on null pointer in nss_nisplus. * Fix invalid cast in group merging affecting ppc64 and s390x. * Define collation for Malayalam chillu characters. * Correct collation of U+0D36 and U+0D37 Malayalam characters. CVE-2017-12133 glibc: Use-after-free read access in clntudp_call in sunrpc
[4.3-0] 604e7c60f7 Bug #46617: glibc_2.24-11+deb9u3
--- mirror/ftp/4.3/unmaintained/4.3-0/source/glibc_2.24-11+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/glibc_2.24-11+deb9u3.dsc @@ -1,3 +1,45 @@ +2.24-11+deb9u3 [Sun, 14 Jan 2018 11:39:44 +0100] Aurelien Jarno <aurel32@debian.org>: + + [ Aurelien Jarno ] + * debian/rules.d/debhelper.mk: install the libc-otherbuild postinst and + postrm in the libc6-i686 transitional package, to make sure + /etc/ld.so.nohwcap is correctly removed after an upgrade. Closes: + #883394. + +2.24-11+deb9u2 [Fri, 01 Dec 2017 21:09:18 +0100] Aurelien Jarno <aurel32@debian.org>: + + [ Aurelien Jarno ] + * debian/control.in/x32: Add a gcc-multilib Recommends for libc6-dev-x32. + * debian/patches/git-updates.diff: update from upstream stable branch: + - debian/patches/any/submitted-perl-inc.diff: drop, merged upstream. + - debian/patches/any/cvs-remove-pid-tid-cache-clone.diff: drop, merged + upstream. + - debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff: + drop, merged upstream. + - debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: drop, + merged upstream. + - debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff: drop, + merged upstream. + - debian/patches/any/cvs-vectorized-strcspn-guards.diff: drop, merged + upstream. + - debian/patches/any/cvs-hwcap-AT_SECURE.diff: drop, merged upstream. + - Avoid use-after-free read access in clntudp_call (CVE-2017-12133). + Closes: #870648. + - Fix compatibility with Intel C++ __regcall calling convention. Closes: + #881850. + - Fix a buffer overrun in rpcgen. + - Fix strlen on null pointer in nss_nisplus. + - Fix invalid cast in group merging affecting ppc64 and s390x. + - Define collation for Malayalam chillu characters. + - Correct collation of U+0D36 and U+0D37 Malayalam characters. + * debian/script.in/nohwcap.sh: always check for all optimized packages + as multiarch allows one to install foreign architectures. Closes: + #882272. + + [ Santiago Vila ] + * debian/debhelper.in/libc-bin.postinst: do not update /etc/nsswitch.conf + when its content already matches the default. Closes: #865144. + 2.24-11+deb9u1 [Thu, 15 Jun 2017 21:17:14 +0200] Aurelien Jarno <aurel32@debian.org>: * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
<http://errata.software-univention.de/ucs/4.3/52.html>