USN-2328-1: GNU C Library vulnerability
29 August 2014
Certain applications could be made to crash or run programs as an administrator.
Releases
Packages
- eglibc - GNU C Library
Details
Tavis Ormandy and John Haxby discovered that the GNU C Library contained an
off-by-one error when performing transliteration module loading. A local
attacker could exploit this to gain administrative privileges.
(CVE-2014-5119)
USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS
and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a
regression with localplt on PowerPC. This update fixes the problem. We
apologize for the inconvenience.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
After a standard system update you need to reboot your computer to make
all the necessary changes.