Public bug reported: Title: Vulnerability in Glibc - CVE-2022-23219 Expectation: Glibc needs to be upgraded to glib v2.35 (Feb2022 release) Details of CVE - https://nvd.nist.gov/vuln/detail/CVE-2022-23219 & https://ubuntu.com/security/CVE-2022-23219 Description: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka Glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
** Affects: glibc (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961117 Title: Vulnerability in glibc - CVE-2022-23219 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961117/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs