What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-4416-1.

What is the title of this advisory?

The title of this advisory is 'USN-4416-1: GNU C Library vulnerabilities'.

Who discovered the vulnerability?

The vulnerability was discovered by Florian Weimer.

What is the impact of this vulnerability?

The vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code.

Which versions of Ubuntu are affected by this vulnerability?

This vulnerability only affects Ubuntu 16.04 LTS, 18.04, and 19.10.

How can I fix this vulnerability?

To fix this vulnerability, upgrade to the specified version of libc6 as mentioned in the advisory.

Where can I find more information about this vulnerability?

More information about this vulnerability can be found on the Ubuntu Security website.

Vulnerability/
USN-4416-1

6/7/2020

USN-4416-1: GNU C Library vulnerabilities

First published: Mon Jul 06 2020(Updated: )

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752)

Affected Software	Affected Version	How to fix
All of
ubuntu/libc6	<2.30-0ubuntu2.2	2.30-0ubuntu2.2
Ubuntu	=19.10
All of
ubuntu/libc6	<2.27-3ubuntu1.2	2.27-3ubuntu1.2
Ubuntu	=18.04
All of
ubuntu/libc6	<2.23-0ubuntu11.2	2.23-0ubuntu11.2
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-4416-1.
What is the title of this advisory?
The title of this advisory is 'USN-4416-1: GNU C Library vulnerabilities'.
Who discovered the vulnerability?
The vulnerability was discovered by Florian Weimer.
What is the impact of this vulnerability?
The vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code.
Which versions of Ubuntu are affected by this vulnerability?
This vulnerability only affects Ubuntu 16.04 LTS, 18.04, and 19.10.
How can I fix this vulnerability?
To fix this vulnerability, upgrade to the specified version of libc6 as mentioned in the advisory.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on the Ubuntu Security website.

agent/severity
agent/last-modified-date
agent/type
agent/first-publish-date
agent/title
agent/description
agent/event
agent/references
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/19.10
version/ubuntu/18.04
version/ubuntu/16.04