[Bug 1851263] Re: Ubuntu 18.04.3 LTS bump Glibc 2.27 to the latest stable

Loïc Minier loic.minier at ubuntu.com
Wed Nov 6 18:54:42 UTC 2019 

Hi Romain and thanks for your report,

In general, we don't make large upstream updates after release, especially for LTS and even more so for a critical piece like glibc. If you've identified the single patch that would address your issue, it can be considered for the SRU process:
https://wiki.ubuntu.com/StableReleaseUpdates

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1851263

Title:
  Ubuntu 18.04.3 LTS bump Glibc 2.27 to the latest stable

Status in glibc package in Ubuntu:
  New

Bug description:
  Hi,

  I updated from ubuntu 14.04 to 18.04 and installed a custom (old)
  application.

  When starting the application it stop immediately with this error message:
  "glibc detected an invalid stdio handle"

  This error message was added by commit [1] "libio: Implement vtable
  verification [BZ #20191]" to fix a security issue [2].

  I tested with several Linux distribution (so different libc version)
  and the application is working fine with Fedora 30 (Glibc 2.29).

  There is an interesting patch [3] from Glibc 2.28 which was backported
  to Glibc 2.27 [4] "libio: Disable vtable validation in case of
  interposition [BZ #23313]"

  But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
  Here is the Glibc version used in 18.04:
  $ dpkg -s libc6
  [...]
  Version: 2.27-3ubuntu1

  Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018
  but there is a lot of fix from upstream Glibc 2.27 stable branch. The
  one I'm looking for was merged the 07-2018.

  It would be great if Ubuntu 18.04 can update Glibc to the latest
  stable version.

  Best regards,
  Romain

  [1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
  [2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
  [3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
  [4] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1851263/+subscriptions

More information about the foundations-bugs mailing list