USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing functionalities. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)
It was discovered that the GNU C library was not properly implementing a fix for CVE-2023-4806 in certain cases, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service (application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-5156)
{ "availability": "No subscription required", "binaries": [ { "libc6-s390-dbgsym": "2.35-0ubuntu3.6", "libc6-dev": "2.35-0ubuntu3.6", "libc6-dev-s390": "2.35-0ubuntu3.6", "libc6-dev-i386": "2.35-0ubuntu3.6", "locales-all": "2.35-0ubuntu3.6", "libc6-amd64-dbgsym": "2.35-0ubuntu3.6", "glibc-source": "2.35-0ubuntu3.6", "libc6-dev-amd64": "2.35-0ubuntu3.6", "nscd-dbgsym": "2.35-0ubuntu3.6", "nscd": "2.35-0ubuntu3.6", "glibc-doc": "2.35-0ubuntu3.6", "libc6-dbg": "2.35-0ubuntu3.6", "libc6": "2.35-0ubuntu3.6", "libc-bin": "2.35-0ubuntu3.6", "libc6-i386": "2.35-0ubuntu3.6", "libc6-dev-x32": "2.35-0ubuntu3.6", "libc-bin-dbgsym": "2.35-0ubuntu3.6", "libc-dev-bin": "2.35-0ubuntu3.6", "libc6-amd64": "2.35-0ubuntu3.6", "libc6-x32": "2.35-0ubuntu3.6", "libc6-prof": "2.35-0ubuntu3.6", "libc-devtools": "2.35-0ubuntu3.6", "libc-devtools-dbgsym": "2.35-0ubuntu3.6", "libc6-s390": "2.35-0ubuntu3.6", "libc6-i386-dbgsym": "2.35-0ubuntu3.6", "locales": "2.35-0ubuntu3.6", "libc-dev-bin-dbgsym": "2.35-0ubuntu3.6", "libc6-x32-dbgsym": "2.35-0ubuntu3.6" } ] }