USN-6541-1: GNU C Library vulnerabilities

Releases

• Ubuntu 23.04
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• glibc - GNU C Library

Details

It was discovered that the GNU C Library was not properly handling certain
memory operations. An attacker could possibly use this issue to cause a
denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)

It was discovered that the GNU C library was not properly implementing a
fix for CVE-2023-4806 in certain cases, which could lead to a memory leak.
An attacker could possibly use this issue to cause a denial of service
(application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-5156)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04

• libc-bin - 2.37-0ubuntu2.2
• libc6 - 2.37-0ubuntu2.2

Ubuntu 22.04

• libc-bin - 2.35-0ubuntu3.5
• libc6 - 2.35-0ubuntu3.5

Ubuntu 20.04

• libc-bin - 2.31-0ubuntu9.14
• libc6 - 2.31-0ubuntu9.14

Ubuntu 18.04

• libc-bin - 2.27-3ubuntu1.6+esm1
  Available with Ubuntu Pro
• libc6 - 2.27-3ubuntu1.6+esm1
  Available with Ubuntu Pro

Ubuntu 16.04

• libc-bin - 2.23-0ubuntu11.3+esm5
  Available with Ubuntu Pro
• libc6 - 2.23-0ubuntu11.3+esm5
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

• CVE-2023-4806
• CVE-2023-4813
• CVE-2023-5156