This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.275.0

@cf-buildpacks-eng cf-buildpacks-eng released this 01 Mar 19:00
· 95 commits to main since this release

Notably, this release addresses:

USN-5310-1: GNU C Library vulnerabilities:

  • CVE-2020-27618: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
  • CVE-2021-3326: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
  • CVE-2020-6096: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
  • CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
  • CVE-2021-35942: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
  • CVE-2021-3998: Unexpected return value from glibc's realpath()
  • CVE-2021-3999: Off-by-one buffer overflow/underflow in glibc's getcwd()
  • CVE-2022-23218: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
  • CVE-2022-23219: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
  • CVE-2019-25013: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
  • CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
  • CVE-2020-29562: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
-ii  libc-bin                          2.27-3ubuntu1.4                     amd64 GNU C Library: Binaries
-ii  libc-dev-bin                      2.27-3ubuntu1.4                     amd64 GNU C Library: Development binaries
-ii  libc6:amd64                       2.27-3ubuntu1.4                     amd64 GNU C Library: Shared libraries
-ii  libc6-dev:amd64                   2.27-3ubuntu1.4                     amd64 GNU C Library: Development Libraries and Header Files
+ii  libc-bin                          2.27-3ubuntu1.5                     amd64 GNU C Library: Binaries
+ii  libc-dev-bin                      2.27-3ubuntu1.5                     amd64 GNU C Library: Development binaries
+ii  libc6:amd64                       2.27-3ubuntu1.5                     amd64 GNU C Library: Shared libraries
+ii  libc6-dev:amd64                   2.27-3ubuntu1.5                     amd64 GNU C Library: Development Libraries and Header Files
-ii  libsasl2-2:amd64                  2.1.27~101-g0780600+dfsg-3ubuntu2.3 amd64 Cyrus SASL - authentication abstraction library
-ii  libsasl2-dev                      2.1.27~101-g0780600+dfsg-3ubuntu2.3 amd64 Cyrus SASL - development files for authentication abstraction library
-ii  libsasl2-modules:amd64            2.1.27~101-g0780600+dfsg-3ubuntu2.3 amd64 Cyrus SASL - pluggable authentication modules
-ii  libsasl2-modules-db:amd64         2.1.27~101-g0780600+dfsg-3ubuntu2.3 amd64 Cyrus SASL - pluggable authentication modules (DB)
-ii  libsasl2-modules-gssapi-mit:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2.3 amd64 Cyrus SASL - pluggable authentication modules (GSSAPI)
+ii  libsasl2-2:amd64                  2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 Cyrus SASL - authentication abstraction library
+ii  libsasl2-dev                      2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 Cyrus SASL - development files for authentication abstraction library
+ii  libsasl2-modules:amd64            2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 Cyrus SASL - pluggable authentication modules
+ii  libsasl2-modules-db:amd64         2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 Cyrus SASL - pluggable authentication modules (DB)
+ii  libsasl2-modules-gssapi-mit:amd64 2.1.27~101-g0780600+dfsg-3ubuntu2.4 amd64 Cyrus SASL - pluggable authentication modules (GSSAPI)
-ii  locales                           2.27-3ubuntu1.4                     all   GNU C Library: National Language (locale) data [support]
+ii  locales                           2.27-3ubuntu1.5                     all   GNU C Library: National Language (locale) data [support]
-ii  multiarch-support                 2.27-3ubuntu1.4                     amd64 Transitional package to ensure multiarch compatibility
+ii  multiarch-support                 2.27-3ubuntu1.5                     amd64 Transitional package to ensure multiarch compatibility
-ii  rsync                             3.1.2-2.1ubuntu1.2                  amd64 fast, versatile, remote (and local) file-copying tool
+ii  rsync                             3.1.2-2.1ubuntu1.3                  amd64 fast, versatile, remote (and local) file-copying tool
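
Review bot: the libsasl2-2, libsasl2-dev and libsasl2-modules* bumps (ubuntu2.3 to ubuntu2.4) and the rsync bump (3.1.2-2.1ubuntu1.2 to 3.1.2-2.1ubuntu1.3) have no matching entry in the notes above, which cite only USN-5310-1 for glibc. Please name the advisory or changelog entry behind each of these two version changes, so consumers of the stack can judge from the notes alone whether they need to pick up this release for reasons other than the glibc fixes.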