USN-2328-1: GNU C Library vulnerability

Ubuntu Security Notice USN-2328-1

28th August, 2014

eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

Certain applications could be made to crash or run programs as an administrator.

Software description

  • eglibc - GNU C Library

Details

Tavis Ormandy and John Haxby discovered that the GNU C Library contained an
off-by-one error when performing transliteration module loading. A local
attacker could exploit this to gain administrative privileges.
(CVE-2014-5119)

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS
and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a
regression with localplt on PowerPC. This update fixes the problem. We
apologize for the inconvenience.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.3
Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.7
Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.16

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-5119