
klibc Vulnerabilities Addressed in Ubuntu

by Rohan Timalsina

May 1, 2024 - TuxCare expert team

Recently, the Ubuntu security team has patched multiple vulnerabilities in klibc, a set of small utilities crucial for early boot processes. These vulnerabilities, if left unaddressed, could potentially lead to denial of service or arbitrary code execution. In this blog post, we’ll explore the details of these vulnerabilities and understand the importance of keeping systems up to date.


klibc Vulnerabilities Fixed in Ubuntu


The vulnerabilities addressed in the recent Ubuntu security updates include:

CVE-2016-9840 (CVSS v3 Score: 8.8 High), CVE-2016-9841 (CVSS v3 Score: 9.8 Critical)

These vulnerabilities revolve around incorrect handling of pointer arithmetic within zlib. Malicious actors could exploit these flaws to cause klibc to crash or potentially execute arbitrary code.


CVE-2018-25032 (CVSS v3 Score: 7.5 High)

Discovered by Danilo Ramos, this vulnerability involves improper memory handling during certain deflating operations in zlib. Exploiting this vulnerability could also cause klibc to crash or potentially execute arbitrary code.


CVE-2022-37434 (CVSS v3 Score: 9.8 Critical)

Uncovered by Evgeny Legerov, this vulnerability pertains to memory mishandling during specific inflate operations in zlib. Similarly, exploiting this flaw could result in klibc crashing and potential execution of arbitrary code.


Mitigation Efforts


The Ubuntu security team has responded to these threats by releasing security fixes for various Ubuntu versions, including Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. For Ubuntu users, updating to the latest klibc versions is imperative to mitigate the risks posed by these vulnerabilities. By ensuring that systems are patched and up to date, users can protect their systems against potential threats.

However, it is important to remember that Ubuntu 14.04, Ubuntu 16.04, and Ubuntu 18.04 have already reached end of life. For those releases, security updates are only available through extended security maintenance, which requires a costly Ubuntu Pro subscription. Alternatively, users can utilize an affordable option, TuxCare’s Extended Lifecycle Support, which provides vendor-grade security patches for Ubuntu 16.04 and Ubuntu 18.04 for five additional years after end of life.

Ask a TuxCare security expert to learn more about securing your end-of-life Ubuntu systems.


Source: USN-6736-1
