{"id":"USN-2519-1","summary":"eglibc, glibc vulnerabilities","details":"Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file\ndescriptors when resolving DNS queries under high load. This may cause a\ndenial of service in other applications, or an information leak. This issue\nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2013-7423)\n\nIt was discovered that the GNU C Library incorrectly handled receiving a\npositive answer while processing the network name when performing DNS\nresolution. A remote attacker could use this issue to cause the GNU C\nLibrary to hang, resulting in a denial of service. (CVE-2014-9402)\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly\nhandled memory. A remote attacker could possibly use this issue to cause\nthe GNU C Library to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu\n14.04 LTS and Ubuntu 14.10. (CVE-2015-1472, CVE-2015-1473)\n","modified":"2026-04-22T09:09:41.227257Z","published":"2015-02-26T15:57:33Z","related":["UBUNTU-CVE-2013-7423","UBUNTU-CVE-2014-9402","UBUNTU-CVE-2015-1472","UBUNTU-CVE-2015-1473"],"upstream":["CVE-2013-7423","CVE-2014-9402","CVE-2015-1472","CVE-2015-1473","UBUNTU-CVE-2013-7423","UBUNTU-CVE-2014-9402","UBUNTU-CVE-2015-1472","UBUNTU-CVE-2015-1473"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2519-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-7423"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9402"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1472"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1473"}],"affected":[{"package":{"name":"eglibc","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.6?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-0ubuntu6.6"}]}],"versions":["2.17-93ubuntu4","2.18-0ubuntu1","2.18-0ubuntu2","2.18-0ubuntu4","2.18-0ubuntu5","2.18-0ubuntu6","2.18-0ubuntu7","2.19-0ubuntu2","2.19-0ubuntu3","2.19-0ubuntu4","2.19-0ubuntu5","2.19-0ubuntu6","2.19-0ubuntu6.1","2.19-0ubuntu6.3","2.19-0ubuntu6.4","2.19-0ubuntu6.5"],"ecosystem_specific":{"binaries":[{"binary_version":"2.19-0ubuntu6.6","binary_name":"eglibc-source"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc-bin"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc-dev-bin"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-amd64"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-armel"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-dev-amd64"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-dev-armel"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-dev-i386"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-dev-ppc64"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-dev-x32"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-i386"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-pic"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-ppc64"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-prof"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"libc6-x32"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"multiarch-support"},{"binary_version":"2.19-0ubuntu6.6","binary_name":"nscd"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2519-1.json","cves_map":{"cves":[{"id":"CVE-2013-7423","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-9402","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2015-1472","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2015-1473","severity":[{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}