touch-packages team mailing list archive

[Launchpad Bug Tracker <1352504@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.15

---------------
eglibc (2.11.1-0ubuntu7.15) lucid-security; urgency=medium

  * SECURITY REGRESSION: segfault when using nscd (LP: #1352504)
    - debian/patches/lp1352504.diff: don't free non-malloced memory and fix
      memory leak in nscd/nscd_getserv_r.c.
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Tue, 05 Aug 2014 07:57:55 -0400

** Changed in: eglibc (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  use used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions