7673330 2001-12-14 17:05 -0500 /273 rader/ <redhat-announce-list-admin@redhat.com> Sänt av: mail@mail.nation.liu.se Importerad: 2001-12-14 23:28 av Brevbäraren Extern mottagare: redhat-watch-list@redhat.com Extern kopiemottagare: bugtraq@securityfocus.com Extern kopiemottagare: linux-security@redhat.com Externa svar till: redhat-announce-list@redhat.com Mottagare: Red Hat Announce (import) <1999> Sänt: 2001-12-14 23:28 Mottagare: Bugtraq (import) <20162> Sänt: 2001-12-15 21:38 Ärende: [RHSA-2001:160-09] Updated glibc packages are available ------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated glibc packages are available Advisory ID: RHSA-2001:160-09 Issue date: 2001-11-28 Updated on: 2001-12-14 Product: Red Hat Linux Keywords: glibc glob buffer overrun DT_RUNPATH LD_LIBRARY_PATH strndup Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: Updated glibc packages are available to fix an overflowable buffer and for 7.x to fix a couple of non-security related bugs. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, i686, sparc, sparcv9 Red Hat Linux 7.0 - alpha, alphaev6, i386, i686 Red Hat Linux 7.1 - alpha, alphaev6, i386, i686, ia64 Red Hat Linux 7.2 - i386, i686 3. Problem description: An overflowable buffer exists in earlier versions of glibc glob(3) implementation. It may be possible to exploit programs that pass user modifiable input to the glibc glob function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0886 to this issue. This errata also fixes a couple of non-security related bugs in glibc packages for Red Hat Linux 7.x. There was a bug in the dynamic linker which caused DT_RUNPATH dynamic tags (e.g. created by GNU ld with --enable-new-dtags -rpath DIR options) to behave the same way as mere DT_RPATH tag, ie. search paths in it couldn't be overridden by LD_LIBRARY_PATH environment variable; this is fixed in the updated packages, as well as a strndup bug when strndup was used with string literal argument and a typo in <inttypes.h> header. It is recommended that all users upgrade to provided packages. We'd like to thank Flavio Veloso <flaviovs@magnux.com> for discovering this buffer overflow problem. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 55865 - LD_LIBRARY_PATH / rpath interaction 57268 - syntax error in inttypes.h with 2.2.4-19 update 6. RPMs required: Red Hat Linux 6.2: SRPMS: ftp://updates.redhat.com/6.2/en/os/SRPMS/glibc-2.1.3-23.src.rpm alpha: ftp://updates.redhat.com/6.2/en/os/alpha/glibc-2.1.3-23.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/glibc-devel-2.1.3-23.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/glibc-profile-2.1.3-23.alpha.rpm ftp://updates.redhat.com/6.2/en/os/alpha/nscd-2.1.3-23.alpha.rpm i386: ftp://updates.redhat.com/6.2/en/os/i386/glibc-2.1.3-23.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/glibc-devel-2.1.3-23.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/glibc-profile-2.1.3-23.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-23.i386.rpm sparc: ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-23.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-23.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/glibc-profile-2.1.3-23.sparc.rpm ftp://updates.redhat.com/6.2/en/os/sparc/nscd-2.1.3-23.sparc.rpm sparcv9: ftp://updates.redhat.com/6.2/en/os/sparcv9/glibc-2.1.3-23.sparcv9.rpm Red Hat Linux 7.0: SRPMS: ftp://updates.redhat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.3.src.rpm alpha: ftp://updates.redhat.com/7.0/en/os/alpha/glibc-2.2.4-18.7.0.3.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.3.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.3.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.3.alpha.rpm ftp://updates.redhat.com/7.0/en/os/alpha/nscd-2.2.4-18.7.0.3.alpha.rpm alphaev6: ftp://updates.redhat.com/7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.3.alphaev6.rpm i386: ftp://updates.redhat.com/7.0/en/os/i386/glibc-2.2.4-18.7.0.3.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.3.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.3.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/glibc-common-2.2.4-18.7.0.3.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/nscd-2.2.4-18.7.0.3.i386.rpm i686: ftp://updates.redhat.com/7.0/en/os/i686/glibc-2.2.4-18.7.0.3.i686.rpm Red Hat Linux 7.1: SRPMS: ftp://updates.redhat.com/7.1/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm alpha: ftp://updates.redhat.com/7.1/en/os/alpha/glibc-2.2.4-19.3.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/glibc-devel-2.2.4-19.3.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/glibc-profile-2.2.4-19.3.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/glibc-common-2.2.4-19.3.alpha.rpm ftp://updates.redhat.com/7.1/en/os/alpha/nscd-2.2.4-19.3.alpha.rpm alphaev6: ftp://updates.redhat.com/7.1/en/os/alphaev6/glibc-2.2.4-19.3.alphaev6.rpm i386: ftp://updates.redhat.com/7.1/en/os/i386/glibc-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/nscd-2.2.4-19.3.i386.rpm i686: ftp://updates.redhat.com/7.1/en/os/i686/glibc-2.2.4-19.3.i686.rpm ia64: ftp://updates.redhat.com/7.1/en/os/ia64/glibc-2.2.4-19.3.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/glibc-devel-2.2.4-19.3.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/glibc-profile-2.2.4-19.3.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/glibc-common-2.2.4-19.3.ia64.rpm ftp://updates.redhat.com/7.1/en/os/ia64/nscd-2.2.4-19.3.ia64.rpm Red Hat Linux 7.2: SRPMS: ftp://updates.redhat.com/7.2/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm i386: ftp://updates.redhat.com/7.2/en/os/i386/glibc-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/nscd-2.2.4-19.3.i386.rpm i686: ftp://updates.redhat.com/7.2/en/os/i686/glibc-2.2.4-19.3.i686.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- c357416249d75bdc045f6a0bd375d38e 6.2/en/os/SRPMS/glibc-2.1.3-23.src.rpm 1488ff1e3bd4505ebad71e9eadc6cfe3 6.2/en/os/alpha/glibc-2.1.3-23.alpha.rpm ccf5c9dd4c68eaae2f7661bce814a686 6.2/en/os/alpha/glibc-devel-2.1.3-23.alpha.rpm 87e6ba6d7600a3b3fd35e106745fa788 6.2/en/os/alpha/glibc-profile-2.1.3-23.alpha.rpm a8679c548f4de4c413720b88231b79ea 6.2/en/os/alpha/nscd-2.1.3-23.alpha.rpm 3e8cba807ffdce5579114bb2f3fbbdfd 6.2/en/os/i386/glibc-2.1.3-23.i386.rpm aa3c90d7d4cedfd4ebf45a44312fd3a2 6.2/en/os/i386/glibc-devel-2.1.3-23.i386.rpm 07197b46d6f567131b43330bcc59b28f 6.2/en/os/i386/glibc-profile-2.1.3-23.i386.rpm ec8527e6b9924ce9e8a5824d1983a606 6.2/en/os/i386/nscd-2.1.3-23.i386.rpm 6e3523c567b724d6875b05d48a8781e1 6.2/en/os/sparc/glibc-2.1.3-23.sparc.rpm 9435475af4f944accc5c33119f4bebe1 6.2/en/os/sparc/glibc-devel-2.1.3-23.sparc.rpm b12cb08aaed71abab6c8b8eaa2b41072 6.2/en/os/sparc/glibc-profile-2.1.3-23.sparc.rpm b124928f89fb1a46cff833056d44dd79 6.2/en/os/sparc/nscd-2.1.3-23.sparc.rpm 907c6bdf5a8dd1c4f2803f6d8f3a0ae3 6.2/en/os/sparcv9/glibc-2.1.3-23.sparcv9.rpm ae84cff41c783ea0b75f083870a756f4 7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.3.src.rpm f1c2cca381e329afcb9f580b3b889363 7.0/en/os/alpha/glibc-2.2.4-18.7.0.3.alpha.rpm 2076d9b49459b1b9d51a71ca6c1f7f6a 7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.3.alpha.rpm f375a5b1b44110fb0fee04b69b6f2c63 7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.3.alpha.rpm 8f2430025f19cec38df29f673cd9b7bb 7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.3.alpha.rpm 1bfd015bc33811a1c6ad08f57d1bac29 7.0/en/os/alpha/nscd-2.2.4-18.7.0.3.alpha.rpm dcbfacca113f7ea4d3d7c75baac8d0fb 7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.3.alphaev6.rpm 05bb9c3de55e04b8fca48d3508c99d03 7.0/en/os/i386/glibc-2.2.4-18.7.0.3.i386.rpm b4269c4c1c5e48166068a691cd0fd968 7.0/en/os/i386/glibc-common-2.2.4-18.7.0.3.i386.rpm e46be81d1912d78ea5a1e9db63623fe6 7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.3.i386.rpm fedfe5e3d2cdbeef9eb616fbe215cb96 7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.3.i386.rpm dff1ecb55acef7be12cffa5c45b725b1 7.0/en/os/i386/nscd-2.2.4-18.7.0.3.i386.rpm 2cda97a74018abad487b749923607cee 7.0/en/os/i686/glibc-2.2.4-18.7.0.3.i686.rpm 1ab748bd3fe04702751b7633b98a315d 7.1/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm 3e2faca6f40e6167f88eea85eac58940 7.1/en/os/alpha/glibc-2.2.4-19.3.alpha.rpm 56538cf7a756228a90f25abd85774228 7.1/en/os/alpha/glibc-common-2.2.4-19.3.alpha.rpm b5a3914236dc76181d4f1b417fcb08f2 7.1/en/os/alpha/glibc-devel-2.2.4-19.3.alpha.rpm 11ddc075098bd3cd3953d86658250620 7.1/en/os/alpha/glibc-profile-2.2.4-19.3.alpha.rpm b4c02b68cf7a98376707e11a665e8057 7.1/en/os/alpha/nscd-2.2.4-19.3.alpha.rpm 0c74520246ae0f5b1ccacfcd65223feb 7.1/en/os/alphaev6/glibc-2.2.4-19.3.alphaev6.rpm 9ece40bc4b5a2fb8734c7807b28b86a4 7.1/en/os/i386/glibc-2.2.4-19.3.i386.rpm 8b9c9635214c475b6fd6c7e5dab3d3c0 7.1/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm 78ddc49ad3cbb1f769d61f2357466d8d 7.1/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm e53b1f547dd67c86aa2cf969f54ff015 7.1/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm ce89d05dad8b1278d3a753676b96e5aa 7.1/en/os/i386/nscd-2.2.4-19.3.i386.rpm 1dfabf932afb04048d12622e6fc6859f 7.1/en/os/i686/glibc-2.2.4-19.3.i686.rpm 24cb3c3be8b8b50c709f5dfd593f2b0a 7.1/en/os/ia64/glibc-2.2.4-19.3.ia64.rpm 330ec0f05b6d2e83c4c57dcad9c513de 7.1/en/os/ia64/glibc-common-2.2.4-19.3.ia64.rpm 5bf8a4da1d8e34b79c4bdc953d610467 7.1/en/os/ia64/glibc-devel-2.2.4-19.3.ia64.rpm 5163bf8fa2897e653c93a9234a0d39b8 7.1/en/os/ia64/glibc-profile-2.2.4-19.3.ia64.rpm 64a273fa127fbd09f7f3a30b00390972 7.1/en/os/ia64/nscd-2.2.4-19.3.ia64.rpm 1ab748bd3fe04702751b7633b98a315d 7.2/en/os/SRPMS/glibc-2.2.4-19.3.src.rpm 9ece40bc4b5a2fb8734c7807b28b86a4 7.2/en/os/i386/glibc-2.2.4-19.3.i386.rpm 8b9c9635214c475b6fd6c7e5dab3d3c0 7.2/en/os/i386/glibc-common-2.2.4-19.3.i386.rpm 78ddc49ad3cbb1f769d61f2357466d8d 7.2/en/os/i386/glibc-devel-2.2.4-19.3.i386.rpm e53b1f547dd67c86aa2cf969f54ff015 7.2/en/os/i386/glibc-profile-2.2.4-19.3.i386.rpm ce89d05dad8b1278d3a753676b96e5aa 7.2/en/os/i386/nscd-2.2.4-19.3.i386.rpm 1dfabf932afb04048d12622e6fc6859f 7.2/en/os/i686/glibc-2.2.4-19.3.i686.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/about/contact/pgpkey.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886 Copyright(c) 2000, 2001 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list _______________________________________________ redhat-announce-list mailing list redhat-announce-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-announce-list (7673330) / <redhat-announce-list-admin@redhat.com>/(Ombruten) Kommentar i text 7675045