Release Info

Advisory: CLSA-2021:1635459187

OS: Ubuntu 16.04 ELS

Public date: 2021-10-28 00:00:00

Project: glibc

Version: 2.23-0ubuntu11.4

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1635459187.html

Changelog

* debian/patches/any/add-pthread-attr-copy.patch: adopt pthread_attr_copy functionality.
* debian/patches/any/add-test-for-pthread-attr-copy.patch: add test case for it.
* SECURITY UPDATE: Use-after-free in mq_notify
  - debian/patches/any/CVE-2021-33574.patch: use __pthread_attr_copy to completely duplicate thread attribute, avoid NULL pointer dereference in helper_thread as per CVE-2021-38604.
  - CVE-2021-33574
  - CVE-2021-38604
* SECURITY UPDATE: Out-of-bounds read in wordexp
  - debian/patches/any/CVE-2021-35942.patch: use strtoul and 'unsigned long' to prevent signed integer overflow in array index.
  - CVE-2021-35942
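
The wordexp entry above replaces a signed array index with strtoul and 'unsigned long'. The following C example is added here to show why that closes the bounds check; it is not glibc's source or the patch itself, and the helper names admits_signed and admits_unsigned, the argc value and the sample inputs are assumptions made for the illustration. It only evaluates the bounds check and never indexes an array.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, pre-fix pattern: the decimal index is stored in a
   signed int. A value above INT_MAX wraps negative on common ABIs, and a
   negative index passes a check that only tests the upper bound. */
static int admits_signed(const char *digits, int argc)
{
    int n = (int) strtoll(digits, NULL, 10);   /* e.g. 4294967295 -> -1 */
    return !(n >= argc);                       /* 1 = check lets the index through */
}

/* Hypothetical helper, fixed pattern as the changelog describes it:
   strtoul into an unsigned long. Overflow saturates at ULONG_MAX, so an
   oversized index can never compare below argc. */
static int admits_unsigned(const char *digits, int argc)
{
    unsigned long n = strtoul(digits, NULL, 10);
    return n < (unsigned long) argc;
}

int main(void)
{
    /* Constructed inputs: index strings of increasing size. */
    const char *samples[] = {
        "1", "3", "2147483648", "4294967295", "99999999999999999999"
    };
    int argc = 3;   /* constructed: indexes 0..2 are valid */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s signed check admits: %d   unsigned check admits: %d\n",
               samples[i],
               admits_signed(samples[i], argc),
               admits_unsigned(samples[i], argc));
    return 0;
}
```
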

Update

Packages list

glibc-doc_2.23-0ubuntu11.4_all.deb
glibc-source_2.23-0ubuntu11.4_all.deb
libc-bin_2.23-0ubuntu11.4_amd64.deb
libc-dev-bin_2.23-0ubuntu11.4_amd64.deb
libc6_2.23-0ubuntu11.4_amd64.deb
libc6-dev_2.23-0ubuntu11.4_amd64.deb
libc6-dev-i386_2.23-0ubuntu11.4_amd64.deb
libc6-dev-x32_2.23-0ubuntu11.4_amd64.deb
libc6-i386_2.23-0ubuntu11.4_amd64.deb
libc6-pic_2.23-0ubuntu11.4_amd64.deb
libc6-x32_2.23-0ubuntu11.4_amd64.deb
locales_2.23-0ubuntu11.4_all.deb
locales-all_2.23-0ubuntu11.4_amd64.deb
multiarch-support_2.23-0ubuntu11.4_amd64.deb
nscd_2.23-0ubuntu11.4_amd64.deb

CVEs

CVE-2021-38604
CVE-2021-33574
CVE-2021-35942