CVE-2021-3326 in Ubuntu

CVE-2021-3326

Priority

Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and
earlier, when processing invalid input sequences in the ISO-2022-JP-3
encoding, fails an assertion in the code path and aborts the program,
potentially resulting in a denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326
https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
https://ubuntu.com/security/notices/USN-5310-1

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=27256
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981198
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1929105

Notes

Package

Source: eglibc (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needed

Patches:

Package

Source: glibc (LP Ubuntu Debian)

Upstream:	released (2.33)
Ubuntu 18.04 LTS:	released (2.27-3ubuntu1.5)
Ubuntu 20.04 LTS:	released (2.31-0ubuntu9.7)
Ubuntu 21.10:	not-affected (2.33-0ubuntu5)
Ubuntu 16.04 ESM:	needed
Ubuntu 22.04 LTS:	not-affected (2.33-0ubuntu5)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888

More Information

Updated: 2022-04-25 00:55:54 UTC (commit ecc1009cb19540b950de59270950018900f37f15)