Does DigitalOcean have any advice on the urgent Stack Clash vulnerability?

June 19, 2017 2k views
Ubuntu Security


I just read about this major security vulnerability across multiple OSs, including Linux (presumably all flavors).

How long before a patch is available via our DigitalOcean distributions?

2 Answers

Two CVEs were issued for this vulnerability:

Ubuntu and Debian have already rolled out security updates to the libc6 package. The fixed versions are:

| Distro | Package Version |
|---|---|
| Ubuntu 17.04 | 2.24-9ubuntu2.2 |
| Ubuntu 16.10 | 2.24-3ubuntu2.2 |
| Ubuntu 16.04 | 2.23-0ubuntu9 |
| Ubuntu 14.04 | 2.19-0ubuntu6.13 |
| Debian 8 (jessie) | 2.19-18+deb8u10 |
| Debian 9 (stretch) | 2.24-11+deb9u1 |

You can check which version of the package is installed and if the fixed version is available by running:

  sudo apt-get update
  apt-cache policy libc6

The output will look like:

  Installed: 2.24-11
  Candidate: 2.24-11+deb9u1
  Version table:
     2.24-11+deb9u1 500
        500 stretch/updates/main amd64 Packages
 *** 2.24-11 500
        500 stretch/main amd64 Packages
        100 /var/lib/dpkg/status

This shows me that I have the vulnerable version (2.24-11) installed, but can install the fixed version (2.24-11+deb9u1) by running an upgrade.

  • Hi,

    Excellent, thanks for this and the quick response. I’m assuming that Ubuntu 12.04 is no longer supported?



Thanks for posting these instructions.

For Ubuntu 14.04 you’ll see this:

  Installed: 2.19-0ubuntu6.13
  Candidate: 2.19-0ubuntu6.13
 *** 2.19-0ubuntu6.13 0
        500 trusty-updates/main amd64 Packages
        500 trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.19-0ubuntu6 0
        500 trusty/main amd64 Packages
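
The check described in the first answer can be automated across many hosts. The following is an added example, not code from either poster or from DigitalOcean: it parses `apt-cache policy libc6` output and compares the installed and candidate versions against a fixed version from the table. The function names are this example's own, and the comparison is a Python re-implementation of dpkg's version ordering (on a live system `dpkg --compare-versions` does the same job).

```python
import re

def _order(c):
    # dpkg ordering: "~" sorts before end of string, letters before symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        # Alternate: non-digit runs char by char, then digit runs as integers.
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return d
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def deb_cmp(v1, v2):
    """Return <0, 0 or >0, ordering versions the way dpkg does."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def check(policy_output, fixed):
    """Classify `apt-cache policy libc6` output against a fixed version."""
    inst = re.search(r"^\s*Installed:\s*(\S+)", policy_output, re.M).group(1)
    cand = re.search(r"^\s*Candidate:\s*(\S+)", policy_output, re.M).group(1)
    if inst != "(none)" and deb_cmp(inst, fixed) >= 0:
        return "patched"
    if cand != "(none)" and deb_cmp(cand, fixed) >= 0:
        return "upgrade available"
    return "no fix available"

# Excerpt of the Debian 9 output quoted in the first answer.
SAMPLE = "  Installed: 2.24-11\n  Candidate: 2.24-11+deb9u1\n"

if __name__ == "__main__":
    print(check(SAMPLE, "2.24-11+deb9u1"))
```

A plain string or numeric comparison would mis-order revisions such as `0ubuntu9` and `0ubuntu10`, which is why the dpkg rules are reproduced here.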