Ubuntu Wiki

GNU C Library buffer overflow in __nss_hostname_digits_dots() (CVE-2015-0235 aka GHOST)

It was discovered that a buffer overflow existed in the __nss_hostname_digits_dots function in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.

The GNU C Library upstream had already addressed this issue in it's 2.18 release; however, the security impact of fix was not recognized at the time. Because of this, only Ubuntu 12.04 LTS (Precise) and Ubuntu 10.04 LTS were affected. To address the issue, ensure that libc6 2.15-0ubuntu10.10 (Ubuntu 12.04 LTS) or libc6 2.11.1-0ubuntu7.20 (Ubuntu 10.04 LTS) are installed.