Advisory

Ubuntu patches vulnerabilities in klibc component

Take action: If you are using Ubuntu, plan to update your klibc component. It shouldn't break anything, but reasonable testing is advised. A


Learn More

The Ubuntu security team has addressed several vulnerabilities in klibc, the minimal C library used in the initramfs during the early stages of the boot process. The vulnerabilities, all inherited from the copy of zlib bundled with klibc, could if exploited lead to denial of service (DoS) or arbitrary code execution.

Key vulnerabilities patched include:

  • CVE-2016-9841 (CVSS score 9.8): a flaw in zlib's memory handling can be exploited to cause crashes or execute arbitrary code.
  • CVE-2022-37434 (CVSS score 9.8): mishandling of memory during specific inflate operations in zlib, also leading to potential crashes or arbitrary code execution.
  • CVE-2016-9840 (CVSS score 8.8): incorrect pointer arithmetic in zlib, potentially allowing an attacker to crash klibc or execute arbitrary code.
  • CVE-2018-25032 (CVSS score 7.5): improper memory handling during zlib's deflate operations, which could lead to similar exploit scenarios.

The Ubuntu security team has released updates for multiple versions of Ubuntu, including Ubuntu 14.04, 16.04, 18.04, 20.04 LTS, 22.04 LTS, and the newly supported Ubuntu 23.10.

Users should update their systems to the latest klibc packages to ensure protection against these threats. Ubuntu 14.04, 16.04, and 18.04 have reached the end of standard support, and security updates for these releases are only available through commercial extended security maintenance options such as Ubuntu Pro.