CVE-2014-0475

Publication date 29 July 2014

Last updated 24 July 2024

Ubuntu priority

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	14.04 LTS trusty	Fixed 2.19-0ubuntu6.1
	13.10 saucy	Ignored
	12.04 LTS precise	Fixed 2.15-0ubuntu10.6
	10.04 LTS lucid	Fixed 2.11.1-0ubuntu7.14
glibc	14.04 LTS trusty	Not in release
	13.10 saucy	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Notes

jdstrand

The fix for this introduced a localplt regression

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glibc	Upstream: https://sourceware.org/git/?p=glibc.git;h=4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3 Upstream: https://sourceware.org/git/?p=glibc.git;h=585367266923156ac6fb789939a923641ba5aaf4 Upstream: https://sourceware.org/git/?p=glibc.git;h=d183645616b0533b3acee28f1a95570bffbdf50f Upstream: https://sourceware.org/git/?p=glibc.git;h=ca38dc17d85b09776a709c8ea7155c414df14073

CVE-2014-0475

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references