USN-2485-1: GNU C Library vulnerability

Ubuntu Security Notice USN-2485-1


27th January, 2015


eglibc vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 12.04 LTS

  • Ubuntu 10.04 LTS


Summary


The GNU C Library could be made to crash or run programs.


Software description



  • eglibc - GNU C Library


Details


It was discovered that a buffer overflow existed in the gethostbyname

and gethostbyname2 functions in the GNU C Library. An attacker could

use this issue to execute arbitrary code or cause an application crash,

resulting in a denial of service.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 12.04 LTS:

libc6 2.15-0ubuntu10.10

Ubuntu 10.04 LTS:

libc6 2.11.1-0ubuntu7.20


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to reboot your computer to make

all the necessary changes.


References


CVE-2015-0235






from Ubuntu Security Notices http://bit.ly/1zqTjvk