USN-6737-1: GNU C Library vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
- Cflinuxfs4
Description
Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6737-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: glibc-doc - 2.31-0ubuntu9.15 glibc-source - 2.31-0ubuntu9.15 libc-bin - 2.31-0ubuntu9.15 libc-dev-bin - 2.31-0ubuntu9.15 libc6 - 2.31-0ubuntu9.15 libc6-amd64 - 2.31-0ubuntu9.15 libc6-armel - 2.31-0ubuntu9.15 libc6-dev - 2.31-0ubuntu9.15 libc6-dev-amd64 - 2.31-0ubuntu9.15 libc6-dev-armel - 2.31-0ubuntu9.15 libc6-dev-i386 - 2.31-0ubuntu9.15 libc6-dev-s390 - 2.31-0ubuntu9.15 libc6-dev-x32 - 2.31-0ubuntu9.15 libc6-i386 - 2.31-0ubuntu9.15 libc6-lse - 2.31-0ubuntu9.15 libc6-pic - 2.31-0ubuntu9.15 libc6-prof - 2.31-0ubuntu9.15 libc6-s390 - 2.31-0ubuntu9.15 libc6-x32 - 2.31-0ubuntu9.15 locales - 2.31-0ubuntu9.15 locales-all - 2.31-0ubuntu9.15 nscd - 2.31-0ubuntu9.15 No subscription required.
Fixed VMware Products and Versions
- Cflinuxfs4
- 1.93.0 or greater
- Jammy Stemcells
- 1.439 or greater
- Operations Manager Image
- 3.0.28+LTS-T or greater
- Operations Manager
- 3.0.28+LTS-T or greater
References
https://ubuntu.com/security/notices/USN-6737-1
https://www.cloudfoundry.org/blog/usn-6737-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6737-1
History
2024-04-18: Initial vulnerability report published.