glibc (2.23-0ubuntu6) xenial-security; urgency=medium

  * SECURITY UPDATE: DNS resolver NULL pointer dereference with
    crafted record type
    - patches/any/CVE-2015-5180.diff: use out of band signaling for
      internal queries
    - CVE-2015-5180
  * Rebuild to get the following fixes into the xenial-security pocket:
    - SECURITY UPDATE: stack-based buffer overflow in the glob
      + patches/git-updates.diff: Simplify the interface for the
        GLOB_ALTDIRFUNC callback gl_readdir
      + CVE-2016-1234
    - SECURITY UPDATE: getaddrinfo: stack overflow in hostent
      + patches/git-updates.diff: Use a heap allocation instead
      + CVE-2016-3706:
    - SECURITY UPDATE: stack exhaustion in clntudp_call
      + patches/git-updates.diff: Use malloc/free for the error
      + CVE-2016-4429
    - SECURITY UPDATE: memory exhaustion DoS in libresolv
      + patches/git-updates.diff: Simplify handling of nameserver
        configuration in resolver
      + CVE-2016-5417
    - SECURITY UPDATE: ARM32 backtrace infinite loop (DoS)
      + patches/git-updates.diff: mark __startcontext as .cantunwind
      + CVE-2016-6323

Date: 2017-03-07 01:19:03.698832+00:00
Changed-By: Steve Beattie <>
Sorry, changesfile not available.
Xenial-changes mailing list
Modify settings or unsubscribe at:

Reply via email to