USN-5379-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5379-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5379-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5379-1

Related

Published

2022-04-18T11:37:31.558802Z

Modified

2022-04-18T11:37:31.558802Z

Summary

klibc vulnerabilities

Details

It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870)

It was discovered that klibc did not properly handled some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871)

It was discovered that klibc did not properly handled some file sizes values on 32 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872)

It was discovered that klibc did not properly handled some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873)

References

Affected packages

Ubuntu:Pro:14.04:LTS / klibc

Package

Name: klibc
Purl: pkg:deb/ubuntu/klibc@2.0.3-0ubuntu1.14.04.3+esm2?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3-0ubuntu1.14.04.3+esm2

Affected versions

2.*

2.0.1-3.1ubuntu2

2.0.2-1ubuntu1

2.0.2-1ubuntu2

2.0.3-0ubuntu1

2.0.3-0ubuntu1.14.04.1

2.0.3-0ubuntu1.14.04.2

2.0.3-0ubuntu1.14.04.3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "klibc-utils"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "klibc-utils-floppy-udeb"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "klibc-utils-udeb"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "libklibc"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "libklibc-dev"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "libklibc-dev-dbgsym"
        },
        {
            "binary_version": "2.0.3-0ubuntu1.14.04.3+esm2",
            "binary_name": "libklibc-udeb"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / klibc

Package

Name: klibc
Purl: pkg:deb/ubuntu/klibc@2.0.4-8ubuntu1.16.04.4+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.4-8ubuntu1.16.04.4+esm1

Affected versions

2.*

2.0.3-0ubuntu1

2.0.4-4

2.0.4-6

2.0.4-7

2.0.4-8

2.0.4-8ubuntu1

2.0.4-8ubuntu1.16.04.1

2.0.4-8ubuntu1.16.04.2

2.0.4-8ubuntu1.16.04.3

2.0.4-8ubuntu1.16.04.4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "2.0.4-8ubuntu1.16.04.4+esm1",
            "binary_name": "klibc-utils"
        },
        {
            "binary_version": "2.0.4-8ubuntu1.16.04.4+esm1",
            "binary_name": "libklibc"
        },
        {
            "binary_version": "2.0.4-8ubuntu1.16.04.4+esm1",
            "binary_name": "libklibc-dev"
        },
        {
            "binary_version": "2.0.4-8ubuntu1.16.04.4+esm1",
            "binary_name": "libklibc-dev-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / klibc

Package

Name: klibc
Purl: pkg:deb/ubuntu/klibc@2.0.4-9ubuntu2.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.4-9ubuntu2.1

Affected versions

2.*

2.0.4-9ubuntu1

2.0.4-9ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.0.4-9ubuntu2.1",
            "binary_name": "klibc-utils"
        },
        {
            "binary_version": "2.0.4-9ubuntu2.1",
            "binary_name": "libklibc"
        },
        {
            "binary_version": "2.0.4-9ubuntu2.1",
            "binary_name": "libklibc-dev"
        }
    ]
}

Ubuntu:20.04:LTS / klibc

Package

Name: klibc
Purl: pkg:deb/ubuntu/klibc@2.0.7-1ubuntu5.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.7-1ubuntu5.1

Affected versions

2.*

2.0.6-1ubuntu1

2.0.6-1ubuntu2

2.0.7-1ubuntu1

2.0.7-1ubuntu3

2.0.7-1ubuntu4

2.0.7-1ubuntu5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.0.7-1ubuntu5.1",
            "binary_name": "klibc-utils"
        },
        {
            "binary_version": "2.0.7-1ubuntu5.1",
            "binary_name": "klibc-utils-dbgsym"
        },
        {
            "binary_version": "2.0.7-1ubuntu5.1",
            "binary_name": "libklibc"
        },
        {
            "binary_version": "2.0.7-1ubuntu5.1",
            "binary_name": "libklibc-dbgsym"
        },
        {
            "binary_version": "2.0.7-1ubuntu5.1",
            "binary_name": "libklibc-dev"
        }
    ]
}