{"id":"USN-2432-1","summary":"eglibc, glibc vulnerabilities","details":"Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled\ncertain multibyte characters when using the iconv function. An attacker\ncould possibly use this issue to cause applications to crash, resulting in\na denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu\n12.04 LTS. (CVE-2012-6656)\n\nAdhemerval Zanella Netto discovered that the GNU C Library incorrectly\nhandled certain multibyte characters when using the iconv function. An\nattacker could possibly use this issue to cause applications to crash,\nresulting in a denial of service. (CVE-2014-6040)\n\nTim Waugh discovered that the GNU C Library incorrectly enforced the\nWRDE_NOCMD flag when handling the wordexp function. An attacker could\npossibly use this issue to execute arbitrary commands. (CVE-2014-7817)\n","modified":"2026-02-10T04:40:51Z","published":"2014-12-03T18:26:07Z","related":["UBUNTU-CVE-2014-6040","UBUNTU-CVE-2014-7817"],"upstream":["CVE-2012-6656","CVE-2014-6040","CVE-2014-7817","UBUNTU-CVE-2012-6656","UBUNTU-CVE-2014-6040","UBUNTU-CVE-2014-7817"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2432-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-6656"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-6040"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7817"}],"affected":[{"package":{"name":"eglibc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-0ubuntu6.4"}]}],"versions":["2.17-93ubuntu4","2.18-0ubuntu1","2.18-0ubuntu2","2.18-0ubuntu4","2.18-0ubuntu5","2.18-0ubuntu6","2.18-0ubuntu7","2.19-0ubuntu2","2.19-0ubuntu3","2.19-0ubuntu4","2.19-0ubuntu5","2.19-0ubuntu6","2.19-0ubuntu6.1","2.19-0ubuntu6.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.19-0ubuntu6.4","binary_name":"eglibc-source"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc-bin"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc-dev-bin"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-amd64"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-armel"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev-amd64"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev-armel"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev-i386"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-dev-x32"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-i386"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-pic"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-ppc64"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-prof"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"libc6-x32"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"multiarch-support"},{"binary_version":"2.19-0ubuntu6.4","binary_name":"nscd"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2014-6040"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-7817"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2432-1.json"}}],"schema_version":"1.7.3"}