USN-3323-1: GNU C Library vulnerability

Discussion in 'Security' started by Ubuntu Security Notices, Jun 19, 2017.

  1. Ubuntu Security Notice USN-3323-1


    19th June, 2017

    eglibc, glibc vulnerability


    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 17.04
    • Ubuntu 16.10
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS
    Summary


    Gnu C library could be made to run programs as an administrator.

    Software description

    • eglibc - GNU C Library
    • glibc - GNU C Library
    Details


    It was discovered that the GNU C library did not properly handle memory
    when processing environment variables for setuid programs. A local attacker
    could use this in combination with another vulnerability to gain
    administrative privileges.

    Update instructions


    The problem can be corrected by updating your system to the following package version:

    Ubuntu 17.04:
    libc6 2.24-9ubuntu2.2
    Ubuntu 16.10:
    libc6 2.24-3ubuntu2.2
    Ubuntu 16.04 LTS:
    libc6 2.23-0ubuntu9
    Ubuntu 14.04 LTS:
    libc6 2.19-0ubuntu6.13

    To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to make
    all the necessary changes.

    References


    CVE-2017-1000366

    Continue reading...
     

Share This Page