Lucene search
UbuntuUSN-2328-1HistoryAug 29, 2014 - 12:00 a.m.
GNU C Library vulnerability
2014-08-2900:00:00
ubuntu.com
37
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.7%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- eglibc - GNU C Library
Details
Tavis Ormandy and John Haxby discovered that the GNU C Library contained an
off-by-one error when performing transliteration module loading. A local
attacker could exploit this to gain administrative privileges.
(CVE-2014-5119)
USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS
and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a
regression with localplt on PowerPC. This update fixes the problem. We
apologize for the inconvenience.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libc6 | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc-bin | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc-dev-bin | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-dbg | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-dev | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-dev-i386 | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-dev-x32 | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-i386 | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-pic | <Β 2.19-0ubuntu6.3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libc6-prof | <Β 2.19-0ubuntu6.3 | UNKNOWN |
References
Related
nessus
nessus
Ubuntu 14.04 LTS : GNU C Library vulnerability (USN-2328-1)
2014-08-29 00:00:00
Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)
2014-08-30 00:00:00
Fedora 19 : glibc-2.17-21.fc19 (2014-9830)
2014-10-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in GNU C Library affects IBM SmartCloud Provisioning for Software Virtual Appliance (CVE-2014-5119, CVE-2014-0475)
2018-06-17 22:30:11
securityvulns
securityvulns
[USN-2328-1] GNU C Library vulnerability
2014-09-01 00:00:00
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-14 00:00:00
glibc protection bypass
2014-07-14 00:00:00
openvas
openvas
CentOS Update for glibc CESA-2014:1110 centos7
2014-09-10 00:00:00
Ubuntu: Security Advisory (USN-2328-1)
2014-08-29 00:00:00
CentOS Update for glibc CESA-2014:1110 centos5
2014-08-30 00:00:00
oraclelinux
oraclelinux
glibc security update
2014-08-29 00:00:00
glibc security and bug fix update
2014-12-18 00:00:00
glibc security, bug fix, and enhancement update
2014-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20
2014-08-28 15:31:23
[SECURITY] Fedora 19 Update: glibc-2.17-21.fc19
2014-10-19 13:24:18
[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20
2015-03-04 10:25:31
redhat
redhat
(RHSA-2014:1110) Important: glibc security update
2014-08-29 00:00:00
(RHSA-2014:1118) Important: glibc security update
2014-09-02 00:00:00
osv
osv
eglibc - security update
2014-09-02 00:00:00
eglibc - security update
2014-08-27 00:00:00
eglibc - security update
2014-07-10 00:00:00
centos
centos
glibc, nscd security update
2014-08-29 20:28:37
debian
debian
[DLA 43-1] eglibc security update
2014-09-02 18:03:40
[SECURITY] [DSA 3012-1] eglibc security update
2014-08-27 05:51:23
[SECURITY] [DSA 2976-1] eglibc security update
2014-07-10 18:52:35
suse
suse
glibc (important)
2014-09-11 09:04:39
Security update for glibc (important)
2014-09-13 03:04:16
Security update for bash (critical)
2014-09-25 01:05:27
f5
f5
zdt
zdt
glibc Off-by-One NUL Byte gconv_translit_find Exploit
2014-08-27 00:00:00
prion
prion
Code injection
2014-08-29 16:55:00
Directory traversal
2014-07-29 14:55:00
ubuntucve
ubuntucve
CVE-2014-5119
2014-08-26 00:00:00
CVE-2014-0475
2014-07-29 00:00:00
cve
cve
CVE-2014-5119
2014-08-29 16:55:00
CVE-2014-0475
2014-07-29 14:55:00
amazon
amazon
Important: glibc
2014-09-03 14:44:00
Medium: glibc
2014-09-17 21:41:00
exploitpack
exploitpack
glibc - NUL Byte gconv_translit_find Off-by-One
2014-08-27 00:00:00
seebug
seebug
glibc Off-by-One NUL Byte gconv_translit_find Exploit
2014-09-04 00:00:00
debiancve
debiancve
CVE-2014-5119
2014-08-29 16:55:00
CVE-2014-0475
2014-07-29 14:55:00
cloudfoundry
cloudfoundry
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
2014-09-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:59:59
Directory Traversal
2019-01-15 08:59:56
exploitdb
exploitdb
glibc - NUL Byte gconv_translit_find Off-by-One
2014-08-27 00:00:00
mageia
mageia
Updated glibc packages fix multiple security vulnerabilities
2014-09-15 14:36:30
Updated glibc packages fix security issues
2014-08-06 00:08:48
slackware
slackware
[slackware-security] glibc
2014-10-24 05:36:04
ubuntu
ubuntu
GNU C Library vulnerabilities
2014-08-04 00:00:00
GNU C Library regression
2014-08-05 00:00:00
GNU C Library regression
2014-09-08 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.7%
Related for USN-2328-1