[USN-5379-1] klibc vulnerabilities


==========================================================================
Ubuntu Security Notice USN-5379-1
April 18, 2022

klibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:
Several security issues were fixed in klibc.

Software Description:
- klibc: small utilities built with klibc for early boot

Details:
It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31870)

It was discovered that klibc did not properly handle some memory allocations on 64-bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31871)

It was discovered that klibc did not properly handle some file size values on 32-bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31872)

It was discovered that klibc did not properly handle some memory allocations. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-31873)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  klibc-utils                     2.0.7-1ubuntu5.1
  libklibc                        2.0.7-1ubuntu5.1

Ubuntu 18.04 LTS:
  klibc-utils                     2.0.4-9ubuntu2.1
  libklibc                        2.0.4-9ubuntu2.1

Ubuntu 16.04 ESM:
  klibc-utils                     2.0.4-8ubuntu1.16.04.4+esm1
  libklibc                        2.0.4-8ubuntu1.16.04.4+esm1

Ubuntu 14.04 ESM:
  klibc-utils                     2.0.3-0ubuntu1.14.04.3+esm2
  libklibc                        2.0.3-0ubuntu1.14.04.3+esm2

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  ubuntu.com/security/notices/USN-5379-1
  CVE-2021-31870, CVE-2021-31871, CVE-2021-31872, CVE-2021-31873

Package Information:
  launchpad.net/ubuntu/+source/klibc/2.0.7-1ubuntu5.1
  launchpad.net/ubuntu/+source/klibc/2.0.4-9ubuntu2.1