USN-2985-2 GNU C Library regression


Severity

Medium

Vendor

GNU C, Canonical Ubuntu

Versions Affected
  • Ubuntu 14.04 LTS
Description

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)

Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075)

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.63.0
  • Pivotal Elastic Runtime 1.6.x versions prior to 1.6.27 AND 1.7.x versions prior to 1.7.5
  • Pivotal Ops Manager 1.6.x versions prior to 1.6.15 AND 1.7.x versions prior to 1.7.6
  • Pivotal MySQL 1.6.x versions prior to 1.6.12 AND 1.7.x versions prior to 1.7.9 AND edge release versions prior to 1.8.0-edge.7
  • Pivotal RiakCS 1.5.x versions prior to 1.5.13
  • Pivotal RabbitMQ 1.5.x versions prior to 1.5.12 AND 1.6.x versions prior to 1.6.1
  • Pivotal Redis 1.4.x versions prior to 1.4.25 AND 1.5.x versions prior to 1.5.14
  • Pivotal Push Notification Service 1.4.x versions prior to 1.4.9
  • PCF Metrics 1.0.x versions prior to 1.0.6
  • PCF Metrics: Log Search 1.x versions prior to 1.0.0
  • PCF Metrics: JMX Bridge 1.7.x versions prior to 1.7.3
  • Pivotal Single Sign On 1.x versions prior to 1.13 AND 1.1.x versions prior to 1.1.1
  • Pivotal Spring Cloud Services 1.0.x versions prior to 1.0.10
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.63.0 or later versions.
  • Upgrade Pivotal Elastic Runtime 1.6.x versions to 1.6.27 or later OR 1.7.x versions to 1.7.5 or later
  • Upgrade Pivotal Ops Manager 1.6.x versions to 1.6.15 or later OR 1.7.x versions to 1.7.6 or later
  • Upgrade Pivotal MySQL to 1.6.12 or later 1.6.x versions OR 1.7.x versions to 1.7.9 or later OR edge versions 1.8.0-edge.7 or later
  • Upgrade Pivotal RiakCS 1.5.x versions to 1.5.13 or later
  • Upgrade Pivotal RabbitMQ 1.5.x versions to 1.5.12 or later OR 1.6.x versions to 1.6.1 or later
  • Upgrade Pivotal Redis 1.4.x versions to 1.4.25 or later OR 1.5.x versions to 1.5.14 or later
  • Upgrade Pivotal Push Notification Service 1.4.x versions to 1.4.9
  • Upgrade PCF Metrics 1.0.x versions to 1.0.6 or later
  • Upgrade PCF Metrics: Log Search 1.x versions to 1.0.0 or later
  • Upgrade PCF Metrics: JMX Bridge 1.7.x versions to 1.7.3 or later
  • Upgrade Pivotal Single Sign On 1.x versions to 1.13 or later OR 1.1.x versions to 1.1.1 or later
  • Upgrade Pivotal Spring Cloud Services 1.0.x versions to 1.0.10 or later

Special Note for 1.7.x Ops Manager Deployments

The 1.7.x release line of Ops Manager includes a new feature that allows tile stemcells to “float”, which will allow Operators to update their Ops Manager deployment once rather than installing all new Services product releases. If you upgrade one Service tile in Ops Manager 1.7.x with the newly released stemcell, all tiles will automatically upgrade. For more information about the floating stemcell feature, refer to this document.

References