Ubuntu 6591 Published by

The following updates has been released for Ubuntu Linux:

USN-3534-1: GNU C Library vulnerabilities
USN-3535-1: Bind vulnerability
USN-3535-2: Bind vulnerability
USN-3536-1: GNU C Library vulnerability



USN-3534-1: GNU C Library vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3534-1
January 17, 2018

eglibc, glibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the GNU C library.

Software Description:
- glibc: GNU C Library
- eglibc: GNU C Library

Details:

It was discovered that the GNU C library did not properly handle all of
the possible return values from the kernel getcwd(2) syscall. A local
attacker could potentially exploit this to execute arbitrary code in setuid
programs and gain administrative privileges. (CVE-2018-1000001)

A memory leak was discovered in the _dl_init_paths() function in the GNU
C library dynamic loader. A local attacker could potentially exploit this
with a specially crafted value in the LD_HWCAP_MASK environment variable,
in combination with CVE-2017-1000409 and another vulnerability on a system
with hardlink protections disabled, in order to gain administrative
privileges. (CVE-2017-1000408)

A heap-based buffer overflow was discovered in the _dl_init_paths()
function in the GNU C library dynamic loader. A local attacker could
potentially exploit this with a specially crafted value in the
LD_LIBRARY_PATH environment variable, in combination with CVE-2017-1000408
and another vulnerability on a system with hardlink protections disabled,
in order to gain administrative privileges. (CVE-2017-1000409)

An off-by-one error leading to a heap-based buffer overflow was discovered
in the GNU C library glob() implementation. An attacker could potentially
exploit this to cause a denial of service or execute arbitrary code via a
maliciously crafted pattern. (CVE-2017-15670)

A heap-based buffer overflow was discovered during unescaping of user names
with the ~ operator in the GNU C library glob() implementation. An attacker
could potentially exploit this to cause a denial of service or execute
arbitrary code via a maliciously crafted pattern. (CVE-2017-15804)

It was discovered that the GNU C library dynamic loader mishandles RPATH
and RUNPATH containing $ORIGIN for privileged (setuid or AT_SECURE)
programs. A local attacker could potentially exploit this by providing a
specially crafted library in the current working directory in order to
gain administrative privileges. (CVE-2017-16997)

It was discovered that the GNU C library malloc() implementation could
return a memory block that is too small if an attempt is made to allocate
an object whose size is close to SIZE_MAX, resulting in a heap-based
overflow. An attacker could potentially exploit this to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 17.10.
(CVE-2017-17426)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libc6 2.26-0ubuntu2.1

Ubuntu 16.04 LTS:
libc6 2.23-0ubuntu10

Ubuntu 14.04 LTS:
libc6 2.19-0ubuntu6.14

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3534-1
CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804,
CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001

Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.26-0ubuntu2.1
https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu10
https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.14

USN-3535-1: Bind vulnerability

==========================================================================
Ubuntu Security Notice USN-3535-1
January 17, 2018

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

Jayachandran Palanisamy discovered that the Bind resolver incorrectly
handled fetch cleanup sequencing. A remote attacker could possibly use this
issue to cause Bind to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
bind9 1:9.10.3.dfsg.P4-12.6ubuntu1.1

Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.10

Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.17

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3535-1
CVE-2017-3145

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-12.6ubuntu1.1
https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.10
https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.17

USN-3535-2: Bind vulnerability

==========================================================================
Ubuntu Security Notice USN-3535-2
January 17, 2018

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

USN-3535-1 fixed a vulnerability in Bind. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Jayachandran Palanisamy discovered that the Bind resolver incorrectly
 handled fetch cleanup sequencing. A remote attacker could possibly use
 this issue to cause Bind to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  bind9 1:9.8.1.dfsg.P1-4ubuntu0.24

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3535-2
  https://www.ubuntu.com/usn/usn-3535-1
  CVE-2017-3145

USN-3536-1: GNU C Library vulnerability


==========================================================================
Ubuntu Security Notice USN-3536-1
January 17, 2018

eglibc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

The GNU C library could be made to run programs as an administrator.

Software Description:
- eglibc: GNU C Library

Details:

It was discovered that the GNU C library did not properly handle all of
the possible return values from the kernel getcwd(2) syscall. A local
attacker could potentially exploit this to execute arbitrary code in setuid
programs and gain administrative privileges. (CVE-2018-1000001)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
libc6 2.15-0ubuntu10.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3536-1
CVE-2018-1000001