Details
It was discovered that GNU C Library incorrectly handled netgroup requests.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)
It was discovered that GNU C Library might allow context-dependent
attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2015-20109)
It was discovered that GNU C Library when processing very long pathname arguments to
the realpath function, could encounter an integer overflow on 32-bit
architectures, leading to a stack-based buffer overflow and, potentially,
arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
(CVE-2018-11236)
It was discovered that the GNU C library getcwd function incorrectly
handled buffers. An attacker could use this issue...
It was discovered that GNU C Library incorrectly handled netgroup requests.
An attacker could possibly use this issue to cause a crash or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984)
It was discovered that GNU C Library might allow context-dependent
attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2015-20109)
It was discovered that GNU C Library when processing very long pathname arguments to
the realpath function, could encounter an integer overflow on 32-bit
architectures, leading to a stack-based buffer overflow and, potentially,
arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
(CVE-2018-11236)
It was discovered that the GNU C library getcwd function incorrectly
handled buffers. An attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3999)
Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2024-2961)
Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
18.04 bionic | libc6 – 2.27-3ubuntu1.6+esm2 | ||
16.04 xenial | libc6 – 2.23-0ubuntu11.3+esm6 | ||
14.04 trusty | libc6 – 2.19-0ubuntu6.15+esm3 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.