USN-2328-1: GNU C Library vulnerability

29 August 2014

eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Certain applications could be made to crash or run programs as an administrator.

Software Description

  • eglibc - GNU C Library

Details

Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
libc6 - 2.19-0ubuntu6.3
Ubuntu 12.04 LTS
libc6 - 2.15-0ubuntu10.7
Ubuntu 10.04 LTS
libc6 - 2.11.1-0ubuntu7.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References