CVE 2014-0475
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
Related bugs and status
CVE-2014-0475 (Candidate) is related to these bugs:
Bug #990982: [Multiarch] libfreetype6-dev:i386 dependencies issue
Bug | Summary | In | Importance | Status
---|---|---|---|---
990982 | [Multiarch] libfreetype6-dev:i386 dependencies issue | freetype (Ubuntu) | Wishlist | Fix Released
990982 | [Multiarch] libfreetype6-dev:i386 dependencies issue | glibc (Ubuntu) | Wishlist | Fix Released
Bug #1005097: libc6-dev Recommends: gcc
Bug | Summary | In | Importance | Status
---|---|---|---|---
1005097 | libc6-dev Recommends: gcc | glibc (Ubuntu) | Undecided | Fix Released
Bug #1341569: Shared libraries built with multiple tocs resolve plt to local function entry
Bug | Summary | In | Importance | Status
---|---|---|---|---
1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu) | Undecided | Fix Released
1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu Utopic) | Undecided | Won't Fix
1341569 | Shared libraries built with multiple tocs resolve plt to local function entry | glibc (Ubuntu Trusty) | Undecided | New
Bug #1352504: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname
Bug | Summary | In | Importance | Status
---|---|---|---|---
1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu) | Undecided | Invalid
1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Trusty) | Undecided | Invalid
1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Utopic) | Undecided | Invalid
1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Lucid) | Critical | Fix Released
1352504 | Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname | eglibc (Ubuntu Precise) | Undecided | Invalid
Bug #1362409: please fix CVE-2014-5119
Bug | Summary | In | Importance | Status
---|---|---|---|---
1362409 | please fix CVE-2014-5119 | glibc (Ubuntu) | High | Fix Released
1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu) | Undecided | Won't Fix
1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Trusty) | High | Fix Released
1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Lucid) | High | Fix Released
1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Utopic) | Undecided | Won't Fix
1362409 | please fix CVE-2014-5119 | glibc (Ubuntu Utopic) | High | Fix Released
1362409 | please fix CVE-2014-5119 | eglibc (Ubuntu Precise) | High | Fix Released
Bug #1381656: obsolete config: /etc/ld.so.conf.d/i686-linux-gnu.conf
Bug | Summary | In | Importance | Status
---|---|---|---|---
1381656 | obsolete config: /etc/ld.so.conf.d/i686-linux-gnu.conf | glibc (Ubuntu) | Undecided | Fix Released
Bug #1418239: systemtap support needs sys/sdt.h with asm support error
Bug | Summary | In | Importance | Status
---|---|---|---|---
1418239 | systemtap support needs sys/sdt.h with asm support error | glibc (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.