[USN-5770-1] GCC vulnerability

2022-12-08 Thread Mark Esler

==
Ubuntu Security Notice USN-5770-1
December 08, 2022

gcc-5, gccgo-6 vulnerability
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GNU Compiler Collection's (GCC) random number generation could be
made less random with specially crafted input.

Software Description:
- gcc-5: GNU C compiler
- gccgo-6: GNU Go compiler

Details:

Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
g++-5 5.4.0-6ubuntu1~16.04.12+esm2
gcc-5 5.4.0-6ubuntu1~16.04.12+esm2
gccgo-5 5.4.0-6ubuntu1~16.04.12+esm2
gccgo-6 6.0.1-0ubuntu1+esm1
gcj-5 5.4.0-6ubuntu1~16.04.12+esm2
gcj-5-jdk 5.4.0-6ubuntu1~16.04.12+esm2
gcj-5-jre-headless 5.4.0-6ubuntu1~16.04.12+esm2
gdc-5 5.4.0-6ubuntu1~16.04.12+esm2
gfortran-5 5.4.0-6ubuntu1~16.04.12+esm2
gnat-5 5.4.0-6ubuntu1~16.04.12+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5770-1
CVE-2017-11671





[USN-5768-1] GNU C Library vulnerabilities

2022-12-08 Thread Nishit Majithia
==
Ubuntu Security Notice USN-5768-1
December 08, 2022

glibc vulnerabilities
==

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in GNU C Library.

Software Description:
- glibc: GNU C Library

Details:

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service.  (CVE-2016-10228, CVE-2019-25013,
CVE-2020-27618)

It was discovered that the GNU C Library did not properly handle DNS
responses when EDNS0 is enabled. An attacker could possibly use this issue
to cause fragmentation-based attacks. (CVE-2017-12132)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  libc6   2.23-0ubuntu11.3+esm3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5768-1
  CVE-2016-10228, CVE-2017-12132, CVE-2019-25013, CVE-2020-27618

