Showing 1 - 3 of 3

CVE-2013-4357

Status Candidate

Overview

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Ubuntu Security Notice USN-2306-3: Posted Sep 8, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, vulnerability, memory leak; systems | linux, osx, ubuntu; advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043; SHA-256 | f2603aa7d9226b9f4831dcb8df5250b85e04ad8455ad6664e7dbbc9ad9a8c435; Download | Favorite | View

Ubuntu Security Notice USN-2306-2: Posted Aug 5, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.; tags | advisory, vulnerability; systems | linux, ubuntu; advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043; SHA-256 | 85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474; Download | Favorite | View

Ubuntu Security Notice USN-2306-1: Posted Aug 4, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2306-1 - Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043; SHA-256 | d3ab72f234d3127e89f898188c884fa871546397dcd29ae63cfb9595750ab3ac; Download | Favorite | View

Page 1 of 1 Back 1 Next