CVE-2016-6323

Priority
Low
Description
The makecontext function in the GNU C Library (aka glibc or libc6) before
2.25 creates execution contexts incompatible with the unwinder on ARM EABI
(32-bit) platforms, which might allow context-dependent attackers to cause
a denial of service (hang), as demonstrated by applications compiled using
gccgo, related to backtrace generation.
Ubuntu-Description
Andreas Schwab discovered that the GNU C Library on ARM 32-bit
platforms did not properly set up execution contexts. An attacker
could use this to cause a denial of service.
References
Notes
 sbeattie> debian/patches/git-updates.diff contains the fix in yakkety+
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (2.15-0ubuntu10.16)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.19-0ubuntu6.10)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7a609588a02281638e9a0cb57bed18966806349a (2.19
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.24-2)
Ubuntu 17.10 (Artful Aardvark):not-affected (2.24-3ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:needed
Ubuntu Core 15.04:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (2.23-0ubuntu6)
Ubuntu 16.10 (Yakkety Yak):not-affected (2.24-3ubuntu1)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.24-3ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23446cad92195d8c50092410b4f72ca7f6d1d2f1 (2.23)
More Information

Updated: 2017-05-10 22:27:16 UTC (commit 12521)