~ubuntu-branches/ubuntu/lucid/eglibc/lucid-security : changes

~ubuntu-branches/ubuntu/lucid/eglibc/lucid-security » Changes from revision 54

From Revision 48 to 29

Rev	Summary	Authors	Tags	Date
48	* SECURITY UPDATE: denial of service via buffer overflow in ... * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo - debian/patches/CVE-2013-4357.patch: fix overflow in include/alloca.h, nis/nss_nis/nis-alias.c, nscd/nscd_getserv_r.c, posix/glob.c, sysdeps/posix/getaddrinfo.c. - CVE-2013-4357 * SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo - debian/patches/any/CVE-2013-4458.patch: fix overflow in sysdeps/posix/getaddrinfo.c. - CVE-2013-4458 * SECURITY UPDATE: Directory traversal in locale environment handling - debian/patches/any/CVE-2014-0475.diff: validate locale names in locale/findlocale.c, locale/setlocale.c, added test to localedata/tst-setlocale3.c, localedata/Makefile. - CVE-2014-0475 * SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen failing to copy the path argument - debian/patches/any/CVE-2014-4043.diff: properly copy path in posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c, posix/spawn_int.h, added test to posix/tst-spawn.c. - CVE-2014-4043 * debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue causing a readdir regression on sparc. * debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra commits to fix another overflow and an infinite loop.	Marc Deslauriers	2.11.1-0ubuntu7.14	9 years ago
47	* SECURITY UPDATE: denial of service and possible code execu... * SECURITY UPDATE: denial of service and possible code execution via strcoll overflows - debian/patches/any/CVE-2012-44xx.diff: fix overflows in string/strcoll_l.c, add test to string/tst-strcoll-overflow.c, string/Makefile. - CVE-2012-4412 - CVE-2012-4424 * SECURITY UPDATE: denial of service in regular expression matcher - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile. - CVE-2013-0242 * SECURITY UPDATE: denial of service in getaddrinfo - debian/patches/any/CVE-2013-1914.diff: fix overflow in sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for __libc_alloca_cutoff in include/alloca.h, nptl/Versions, nptl/alloca_cutoff.c. - CVE-2013-1914 * SECURITY UPDATE: denial of service and possible code execution via readdir_r - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h, sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove GETDENTS_64BIT_ALIGNED from sysdeps/unix/sysv/linux/i386/readdir64_r.c, sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c. - CVE-2013-4237 * SECURITY UPDATE: denial of service and possible code execution via overflows in memory allocator - debian/patches/any/CVE-2013-4332.diff: check for overflows in malloc/malloc.c. - CVE-2013-4332	Marc Deslauriers	2.11.1-0ubuntu7.13	10 years ago
46	* SECURITY UPDATE: buffer overflow in vfprintf handling * SECURITY UPDATE: buffer overflow in vfprintf handling - debian/patches/any/CVE-2012-3404.patch: Fix allocation when handling positional parameters in printf. - CVE-2012-3404 * SECURITY UPDATE: buffer overflow in vfprintf handling - debian/patches/any/CVE-2012-3405.patch: fix extension of array - CVE-2012-3405 * SECURITY UPDATE: stack buffer overflow in vfprintf handling (LP: #1031301) - debian/patches/any/CVE-2012-3406.patch: switch to malloc when array grows too large to handle via alloca extension - CVE-2012-3406 * SECURITY UPDATE: stdlib strtod integer/buffer overflows - debian/patches/any/CVE-2012-3480.patch: rearrange calculations and modify types to void integer overflows - CVE-2012-3480 * debian/patches/any/strtod_overflow_bug7066.patch: Fix array overflow in floating point parser triggered by applying patch for CVE-2012-3480 * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc, debian/testsuite-checking/expected-results-i486-linux-gnu-libc, debian/testsuite-checking/expected-results-i686-linux-gnu-i386, debian/testsuite-checking/expected-results-i686-linux-gnu-i686, debian/testsuite-checking/expected-results-i686-linux-gnu-xen, debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64: update for pre-existing testsuite failures that prevents FTBFS when the testsuite is enabled.	Steve Beattie	2.11.1-0ubuntu7.11	11 years ago
45	* SECURITY UPDATE: timezone header parsing integer overflow ... * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961) - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from TZ file header - CVE-2009-5029 * SECURITY UPDATE: memory consumption denial of service in fnmatch - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much stack use in fnmatch. - CVE-2011-1071 * SECURITY UPDATE: /etc/mtab corruption denial of service - debian/patches/any/glibc-CVE-2011-1089.patch: Report write error in addmnt even for cached streams - CVE-2011-1089 * SECURITY UPDATE: insufficient locale environment sanitization - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of LANG environment variable. - CVE-2011-1095 * SECURITY UPDATE: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of RPATH and ORIGIN - CVE-2011-1658 * SECURITY UPDATE: fnmatch integer overflow - debian/patches/any/glibc-CVE-2011-1659.patch: check size of pattern in wide character representation - CVE-2011-1659 * SECURITY UPDATE: signedness bug in memcpy_ssse3 - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned comparison instructions - CVE-2011-2702 * SECURITY UPDATE: DoS in RPC implementation (LP: #901716) - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too many open fds is detected - CVE-2011-4609 * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY check bypass - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer overflow - CVE-2012-0864 * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc, debian/testsuite-checking/expected-results-i686-linux-gnu-i386, debian/testsuite-checking/expected-results-arm-linux-gnueabi-libc: update for pre-existing testsuite failures that prevents FTBFS when the testsuite is enabled.	Steve Beattie	2.11.1-0ubuntu7.10	12 years ago
44	* SECURITY UPDATE: setuid iconv users could load arbitrary l... * SECURITY UPDATE: setuid iconv users could load arbitrary libraries. - debian/patches/any/dst-expansion-fix.diff: refresh with new proposed solution, avoiding iconv issues. - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856, which was already had a work-around in 2.11.1-0ubuntu7.5.	Kees Cook	2.11.1-0ubuntu7.7	13 years ago
43	* SECURITY UPDATE: root escalation via LD_AUDIT DST expansio... * SECURITY UPDATE: root escalation via LD_AUDIT DST expansion. - debian/patches/any/dst-expansion-fix.diff: upstream fixes. - CVE-2010-3847 - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT for setuid binaries.	Kees Cook	2.11.1-0ubuntu7.5	13 years ago
42	* SECURITY UPDATE: newlines not escaped in /etc/mtab. * SECURITY UPDATE: newlines not escaped in /etc/mtab. - debian/patches/any/git-mntent-newline-escape.diff: upstream fixes. - CVE-2010-0296 * SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197). - debian/patches/any/git-fix-dtag-cast.diff: upstream fixes. - CVE-2010-0830	Kees Cook	2.11.1-0ubuntu7.1	14 years ago
41	Fix logic that tests if gdm needs a restart or a reload Fix logic that tests if gdm needs a restart or a reload to handle both the initscript and upstart cases. This fixes a gdm restart during a hardy to lucid upgrade (LP: #568292)	Michael Vogt	2.11.1-0ubuntu7	14 years ago
40	[ Kees Cook ] [ Kees Cook ] * [BZ #11333], Handle unnecessary padding in getdents64. LP: #392501. [ Matthias Klose ] * Apply from the 2.11-x86 branch: - Fix bugs in strcmp-sse4.S and strcmp-ssse3.S (H.J. Lu). LP: #563291. - Fix bugs in memcpy-ssse3. LP: #560135. * Assign global scope to RFC 1918 addresses in getaddrinfo(). Thanks Tore Anderson. LP: #555210. * Re-enable the local-ipv6-lookup patch. Addresses #417757.	Matthias Klose	2.11.1-0ubuntu6	14 years ago
39	* Apply from the 2.11-x86 branch: * Apply from the 2.11-x86 branch: - Append -U__i686 in ASFLAGS on x86. - Backport 32bit SSSE3/SSE4 optimized memcmp and strcmp from trunk. - Correct unwind info in strcmp-sse4.S. - Fix sysdeps/i386/i686/multiarch/memcmp-ssse3.S. * Extend logic to restart upstart based services on NSS upgrade. LP: #505838.	Matthias Klose	2.11.1-0ubuntu5	14 years ago
38	* debian/patches/any/submitted-nis-shadow.diff: updated to f... * debian/patches/any/submitted-nis-shadow.diff: updated to fix incorrect password overwriting (LP: #526530). * debian/control.in/main: update already uploaded g++ version Depend.	Kees Cook	2.11.1-0ubuntu4	14 years ago
37	* Merge with Debian (r4205, trunk). * Merge with Debian (r4205, trunk). * Merge from debian-2.11 branch: - Add debian/patches/arm/local-atomic.diff to fix the testsuite on arm.	Matthias Klose	2.11.1-0ubuntu3	14 years ago
36	Update to the eglibc 2.11 branch (r9744). Update to the eglibc 2.11 branch (r9744).	Matthias Klose	2.11.1-0ubuntu2	14 years ago
35	* Build package as eglibc-2.11.1 (based on r9672). * Build package as eglibc-2.11.1 (based on r9672). * Merge with Debian (r4096, trunk).	Matthias Klose	2.11.1-0ubuntu1	14 years ago
34	* debian/symbols: Replace the upper dependency on (<< 2.11... * debian/symbols: Replace the upper dependency on (<< 2.11) with (<< 2.12). dpkg-gensymbols didn't complain about missing symbols in earlier uploads. LP: #508702. * Add expected testsuite failures: - tst-cputimer1.out (powerpc 64bit).	Matthias Klose	2.11~20100104-0ubuntu5	14 years ago
33	* Still build the package as a 2.11 pre-release; packages li... * Still build the package as a 2.11 pre-release; packages like libglib2.0-0, libnih1 and upstart have 'libc6 (<< 2.11)' dependencies, for whatever reason, but they already did fail to see the pre-release. See LP: #508702. * Backport from the trunk: Optimize 32bit memset/memcpy with SSE2/SSSE3 (H.J. Lu).	Matthias Klose	2.11~20100104-0ubuntu4	14 years ago
32	* Upgrade the NSS min compat version to 2.11 in the maintain... * Upgrade the NSS min compat version to 2.11 in the maintainer scripts, to force maintainer restarts. LP: #504847. * debian/control: point Vcs-Bzr at a branch whose access rights match those of the archive.	Steve Langasek	2.11~20100104-0ubuntu3	14 years ago
31	[ Matthias Klose ] [ Matthias Klose ] * Mark test-fenv.out as failing on powerpc again. * Mark tst-backtrace2.out, tst-longjmp_chk2.out as failing on sparc64 again. * Call locale-gen --purge when updating from eglibc-2.10.x. LP: #504198. * Merge with Debian (r4063, trunk, 2.10.2-4). [ Kees Cook ] * debian/patches/ubuntu/*: update patch tags on patches recommended to Debian (Debian bug 563637).	Matthias Klose	2.11~20100104-0ubuntu2	14 years ago
30	* Remove expected test failures: * Remove expected test failures: - test-fenv.out (powerpc). * Add expected testsuite failures: - tst-cputimer1.out (powerpc 32bit), check-execstack.out (powerpc 64bit).	Matthias Klose	2.11~20100104-0ubuntu1	14 years ago
29	Don't apply the any/revert-cvs-futimens.diff patch on powerp... Don't apply the any/revert-cvs-futimens.diff patch on powerpc. The buildds still run linux-2.6.15.	Matthias Klose	2.10.2-3ubuntu2	14 years ago

Older »