CVE-2019-19126

Priority
Description
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails
to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program
execution after a security transition, allowing local attackers to restrict
the possible mapping addresses for loaded libraries and thus bypass ASLR
for a setuid program.
Notes
sbeattie: introduced in b9eb92ab05204df772eb4929eccd018637c9f3e9, so glibc 2.23
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream: released (2.31)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.23-0ubuntu11.2)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.27-3ubuntu1.2)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (2.31-0ubuntu7)
Ubuntu 20.10 (Groovy Gorilla): not-affected (2.31-0ubuntu7)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5dfad4326fc683c813df1e37bbf5cf920591c8e

Updated: 2020-07-28 20:07:15 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)