Ubuntu

“eglibc” 2.11.1-0ubuntu7.10 source package in The Lucid Lynx

Publishing history

2.11.1-0ubuntu7.10
SUPERSEDED: Lucid pocket Updates in component main and section libs
  • Removed from disk on 2012-10-03.
  • Removal requested on 2012-10-03.
  • Superseded on 2012-10-02 by eglibc - 2.11.1-0ubuntu7.11
  • Published on 2012-03-09
  • Copied from ubuntu lucid in Private PPA for Ubuntu Security Team
2.11.1-0ubuntu7.10
SUPERSEDED: Lucid pocket Security in component main and section libs
  • Removed from disk on 2012-10-03.
  • Removal requested on 2012-10-03.
  • Superseded on 2012-10-02 by eglibc - 2.11.1-0ubuntu7.11
  • Published on 2012-03-09
  • Copied from ubuntu lucid in Private PPA for Ubuntu Security Team

Builds

Changelog

eglibc (2.11.1-0ubuntu7.10) lucid-security; urgency=low

  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: memory consumption denial of service in fnmatch
    - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
      stack use in fnmatch.
    - CVE-2011-1071
  * SECURITY UPDATE: /etc/mtab corruption denial of service
    - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
      error in addmnt even for cached streams
    - CVE-2011-1089
  * SECURITY UPDATE: insufficient locale environment sanitization
    - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
      LANG environment variable.
    - CVE-2011-1095
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: fnmatch integer overflow
    - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
      pattern in wide character representation
    - CVE-2011-1659
  * SECURITY UPDATE: signedness bug in memcpy_ssse3
    - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
      comparison instructions
    - CVE-2011-2702
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-arm-linux-gnueabi-libc:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.
 -- Steve Beattie <email address hidden>   Wed, 07 Mar 2012 10:28:32 -0800