- Vulnerability/
- USN-6736-2
USN-6736-2: klibc vulnerabilities
First published: Thu May 23 2024(Updated: )
USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2022-37434)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/klibc-utils | <2.0.13-4ubuntu0.1 | 2.0.13-4ubuntu0.1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libklibc | <2.0.13-4ubuntu0.1 | 2.0.13-4ubuntu0.1 |
| Ubuntu | =24.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-9841
- https://ubuntu.com/security/CVE-2022-37434
- https://ubuntu.com/security/CVE-2016-9840
- https://ubuntu.com/security/CVE-2018-25032
- https://ubuntu.com/security/notices/USN-4246-1
- https://ubuntu.com/security/notices/USN-4292-1
- https://ubuntu.com/security/notices/USN-6736-1
- https://ubuntu.com/security/notices/USN-5570-1
- https://ubuntu.com/security/notices/USN-5573-1
- https://ubuntu.com/security/notices/USN-5570-2
- https://ubuntu.com/security/notices/USN-5355-1
- https://ubuntu.com/security/notices/USN-5355-2
- https://ubuntu.com/security/notices/USN-5359-1
- https://ubuntu.com/security/notices/USN-5359-2
- https://ubuntu.com/security/notices/USN-5739-1
- https://launchpad.net/ubuntu/+source/klibc/2.0.13-4ubuntu0.1
- https://ubuntu.com/security/notices/USN-6736-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-6736-2?
USN-6736-2 addresses critical vulnerabilities related to pointer arithmetic handling in klibc's bundled zlib.
Which versions of Ubuntu are affected by USN-6736-2?
USN-6736-2 affects Ubuntu 24.04 LTS with specific versions of klibc-utils and libklibc packages before 2.0.13-4ubuntu0.1.
How do I fix USN-6736-2?
To fix USN-6736-2, update klibc-utils and libklibc to version 2.0.13-4ubuntu0.1 or later.
What vulnerabilities does USN-6736-2 address?
USN-6736-2 addresses vulnerabilities including CVE-2016-9840, CVE-2016-9841, and CVE-2022-37434.
What potential impact does USN-6736-2 have on my system?
If exploited, the vulnerabilities fixed in USN-6736-2 could lead to system crashes or escalated privileges.
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/type
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.04