CVE 2014-0475
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
Related bugs and status
CVE-2014-0475 (Candidate) is related to these bugs:
Bug #990982: [Multiarch] libfreetype6-dev:i386 dependencies issue
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 990982 | [Multiarch] libfreetype6-dev:i386 dependencies issue | freetype (Ubuntu) | Wishlist | Fix Released | ||
| 990982 | [Multiarch] libfreetype6-dev:i386 dependencies issue | glibc (Ubuntu) | Wishlist | Fix Released | ||
Bug #1005097: libc6-dev Recommends: gcc
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1005097 | libc6-dev Recommends: gcc | glibc (Ubuntu) | Undecided | Fix Released | ||
Bug #1341569: Shared libraries built with multiple tocs resolve plt to local function entry
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu) | Undecided | Fix Released | ||
| 1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu Trusty) | Undecided | New | ||
Bug #1352504: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu) | Undecided | Invalid | ||
| 1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Trusty) | Undecided | Invalid | ||
| 1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Utopic) | Undecided | Invalid | ||
| 1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Lucid) | Critical | Fix Released | ||
| 1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Precise) | Undecided | Invalid | ||
Bug #1362409: please fix CVE-2014-5119
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1362409 | please fix CVE-2014-5119 | glibc (Ubuntu) | High | Fix Released | ||
| 1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu) | Undecided | Won't Fix | ||
| 1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Trusty) | High | Fix Released | ||
| 1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Lucid) | High | Fix Released | ||
| 1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Utopic) | Undecided | Won't Fix | ||
| 1362409 | please fix CVE-2014-5119 | glibc (Ubuntu Utopic) | High | Fix Released | ||
| 1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Precise) | High | Fix Released | ||
Bug #1381656: obsolete config: /etc/ld.so.conf.d/i686-linux-gnu.conf
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1381656 | obsolete config: /etc/ld.so.conf.d/i686-linux-gnu.conf | glibc (Ubuntu) | Undecided | Fix Released | ||
Bug #1418239: systemtap support needs sys/sdt.h with asm support error
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1418239 | systemtap support needs sys/sdt.h with asm support error | glibc (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
