CVE-2014-0475

Published: 29 July 2014

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Notes

Author: jdstrand
Note: The fix for this introduced a localplt regression

Priority

Medium

Status

Package: eglibc (Launchpad, Ubuntu, Debian)

Release     Status
lucid       Released (2.11.1-0ubuntu7.14)
precise     Released (2.15-0ubuntu10.6)
saucy       Ignored (end of life)
trusty      Released (2.19-0ubuntu6.1)
upstream    Released (2.19-7)

Package: glibc (Launchpad, Ubuntu, Debian)

Release     Status
lucid       Does not exist
precise     Does not exist
saucy       Does not exist
trusty      Does not exist
upstream    Released (2.19-6)

Patches:
upstream: https://sourceware.org/git/?p=glibc.git;h=4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
upstream: https://sourceware.org/git/?p=glibc.git;h=585367266923156ac6fb789939a923641ba5aaf4 (doc)
upstream: https://sourceware.org/git/?p=glibc.git;h=d183645616b0533b3acee28f1a95570bffbdf50f
upstream: https://sourceware.org/git/?p=glibc.git;h=ca38dc17d85b09776a709c8ea7155c414df14073 (regression fix)