Ubuntu 12.04.5 LTS won't update libc6 to 2.15-0ubuntu10.10


If you're on a 64-bit system, check out This Launchpad and you will find the .deb you need there. If x86, I'm sure we can find that too if needed.

Edit: also a package search shows Trusty has 2.19-0Ubuntu6.4 and Utopic has 2.19-10Ubuntu2.1

Edit2: This Launchpad has the needed libc-bin


Author: Nathan Jones

Updated on September 18, 2022

Comments

  • Nathan Jones
    Nathan Jones over 1 year

    In light of CVE-2015-0235, I set out to upgrade my Ubuntu Servers today. I have a 12.04.5 LTS server that refuses to update my libc6 package to the version that does not contain the vulnerability (2.15-0ubuntu10.10, according to this). When I ran apt-get update && apt-get upgrade and apt-get dist-upgrade, libc6 was upgraded to version 2.15-0ubuntu10.9, not to 2.15-0ubuntu10.10. After updating packages I rebooted the server.

    Then I ran the C program found in the Security Advisory to see if the server was still vulnerable, which it is as the output is "vulnerable".

    My /etc/apt/sources.list file includes the Ubuntu precise-security repositories:

    deb http://security.ubuntu.com/ubuntu precise-security main restricted
    deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
    deb http://security.ubuntu.com/ubuntu precise-security universe
    deb-src http://security.ubuntu.com/ubuntu precise-security universe
    deb http://security.ubuntu.com/ubuntu precise-security multiverse
    deb-src http://security.ubuntu.com/ubuntu precise-security multiverse
    

    Why can't I update libc6 to 2.15-0ubuntu10.10?

    EDIT: I just tried installing the .deb linked by @geoffmcc by running dpkg -i libc6_2.15-0ubuntu10_amd64.deb as root, and here's the error message I get:

    dpkg: warning: downgrading libc6 from 2.15-0ubuntu10.9 to 2.15-0ubuntu10.
    (Reading database ... 102787 files and directories currently installed.)
    Preparing to replace libc6 2.15-0ubuntu10.9 (using libc6_2.15-0ubuntu10_amd64.deb) ...
    Unpacking replacement libc6 ...
    dpkg: dependency problems prevent configuration of libc6:
     libc6 depends on libc-bin (= 2.15-0ubuntu10); however:
      Version of libc-bin on system is 2.15-0ubuntu10.9.
    dpkg: error processing libc6 (--install):
     dependency problems - leaving unconfigured
    Errors were encountered while processing:
     libc6
    

    EDIT 2: I have no idea why, but running apt-get update && apt-get upgrade again this morning presented the updates I needed. I can now run the C vulnerability checker and get "not vulnerable" to output. I ended up running apt-get install -f to force apt-get to replace the .debs that I installed manually, and the correct versions were installed.

    • g_p
      g_p about 9 years
      Can you post the output of apt-cache policy libc6.
  • Nathan Jones
    Nathan Jones about 9 years
    Please see my updated answer.
  • geoffmcc
    geoffmcc about 9 years
    @Nathan see edit 2. But also, as I pointed out in another edit, newer distributions have what you need if a backup/update is possible, might be less of a headache. I suspect you still may get some errors. If you do, let me know and I will try and find what you need. Having said that, not sure why the error is calling it a downgrade. Clearly an upgrade.
  • Nathan Jones
    Nathan Jones about 9 years
    Thanks for your help, geoffmcc. We will be creating a replacement 14.04 LTS server for the code that's running on this server soon, and we might just abandon this server without patching this vulnerability.
  • geoffmcc
    geoffmcc about 9 years
    Yeah. The second one might just get you there, but it may also gripe about other things being an older version than expected. Only one way to find out. But yeah, from what I can tell 14.04 should get you 2.19, so I would assume that's not vulnerable since it sounds like the fix was in 2.15
  • geoffmcc
    geoffmcc about 9 years
    Upgrade unless someone more knowledgeable chimes in. I think it's near EOL anyways... Strike that, looks like it's supported till 2017, but doesn't seem to be getting the updates it needs
  • geoffmcc
    geoffmcc about 9 years
    I have a 14.04 server on the cloud. If you want to link your code to check if vulnerable, I can check it out for you
  • Nathan Jones
    Nathan Jones about 9 years
    I have some 14.04 servers that have successfully been patched, and the C vulnerability checker prints "not vulnerable", so I'm pretty confident the code works.
  • Nathan Jones
    Nathan Jones about 9 years
    Do you think I would have to uninstall the old version of libc/libc-dev? I wouldn't think so because dpkg said it was replacing those old versions.
  • geoffmcc
    geoffmcc about 9 years
    You shouldn't need to. dpkg would have taken care of that. But I found it odd that if you look again dpkg was actually calling it a downgrade for some reason.