Launchpad CVE tracker

CVE 2016-10228

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Related bugs and status

CVE-2016-10228 (Candidate) is related to these bugs:

Bug #1887919: autopkgtest failure with libselinux 3.1

Summary				In	Importance	Status
	1887919	autopkgtest failure with libselinux 3.1		glibc (Ubuntu)	Undecided	Fix Released
	1887919	autopkgtest failure with libselinux 3.1		lxc (Ubuntu)	Undecided	Invalid

Bug #1889069: glibc FTBFS with gcc-10 10.2.0-3ubuntu1

Summary				In	Importance	Status
	1889069	glibc FTBFS with gcc-10 10.2.0-3ubuntu1		glibc (Ubuntu)	Undecided	Fix Released

Bug #1889190: ldconfig is still deferred in libc6.preinst

Summary				In	Importance	Status
	1889190	ldconfig is still deferred in libc6.preinst		glibc (Ubuntu)	Undecided	Fix Released
	1889190	ldconfig is still deferred in libc6.preinst		glibc (Ubuntu Focal)	Undecided	Fix Released

Bug #1895632: builds for libc 2.32 break all cross toolchains - missing libnss-nis-<arch>-cross

		In	Importance	Status
1895632	builds for libc 2.32 break all cross toolchains - missing libnss-nis-<arch>-cross	cross-toolchain-base-ports (Ubuntu)	Critical	Fix Released
1895632	builds for libc 2.32 break all cross toolchains - missing libnss-nis-<arch>-cross	gcc-10 (Ubuntu)	Undecided	Invalid
1895632	builds for libc 2.32 break all cross toolchains - missing libnss-nis-<arch>-cross	glibc (Ubuntu)	Undecided	Fix Released

Bug #1895687: tst-cpuclock1 test is sometimes failing in on armhf testbefs

Summary				In	Importance	Status
	1895687	tst-cpuclock1 test is sometimes failing in on armhf testbefs		glibc (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-10228

References