USN-3323-1: GNU C Library vulnerability

Discussion in 'Security' started by Ubuntu Security Notices, Jun 19, 2017.

Thread Status:
This thread is more than 60 days old.
  1. Ubuntu Security Notice USN-3323-1

    19th June, 2017

    eglibc, glibc vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.10
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS

    Gnu C library could be made to run programs as an administrator.

    Software description

    • eglibc - GNU C Library
    • glibc - GNU C Library

    It was discovered that the GNU C library did not properly handle memory
    when processing environment variables for setuid programs. A local attacker
    could use this in combination with another vulnerability to gain
    administrative privileges.

    Update instructions

    The problem can be corrected by updating your system to the following package version:

    Ubuntu 17.04:
    libc6 2.24-9ubuntu2.2
    Ubuntu 16.10:
    libc6 2.24-3ubuntu2.2
    Ubuntu 16.04 LTS:
    libc6 2.23-0ubuntu9
    Ubuntu 14.04 LTS:
    libc6 2.19-0ubuntu6.13

    To update your system, please follow these instructions:

    After a standard system update you need to reboot your computer to make
    all the necessary changes.



    Continue reading...
Thread Status:
This thread is more than 60 days old.

Share This Page