USN-6541-1: GNU C Library vulnerabilities

Packages

glibc - GNU C Library

Details

It was discovered that the GNU C Library was not properly handling certain
memory operations. An attacker could possibly use this issue to cause a
denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)

It was discovered that the GNU C library was not properly implementing a
fix for CVE-2023-4806 in certain cases, which could lead to a memory leak.
An attacker could possibly use this issue to cause a denial of service
(application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-5156)

It was discovered that the GNU C Library was not properly handling certain
memory operations. An attacker could possibly use this issue to cause a
denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)

It was discovered that the GNU C library was not properly implementing a
fix for CVE-2023-4806 in certain cases, which could lead to a memory leak.
An attacker could possibly use this issue to cause a denial of service
(application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-5156)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
23.04 lunar	libc-bin – 2.37-0ubuntu2.2
23.04 lunar	libc6 – 2.37-0ubuntu2.2
22.04 jammy	libc-bin – 2.35-0ubuntu3.5
22.04 jammy	libc6 – 2.35-0ubuntu3.5
20.04 focal	libc-bin – 2.31-0ubuntu9.14
20.04 focal	libc6 – 2.31-0ubuntu9.14
18.04 bionic	libc-bin – 2.27-3ubuntu1.6+esm1
18.04 bionic	libc6 – 2.27-3ubuntu1.6+esm1
16.04 xenial	libc-bin – 2.23-0ubuntu11.3+esm5
16.04 xenial	libc6 – 2.23-0ubuntu11.3+esm5

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References