5979272 2001-01-18 22:45 -0800 /47 rader/ Greg KH <greg@WIREX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-19 17:55 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <14907>
Ärende: Immunix OS Security update for glibc
------------------------------------------------------------
-----------------------------------------------------------------------
Immunix OS Security Advisory
Packages updated: glibc
Effected products: Immunix OS 7.0-beta
Bugs Fixed: immunix/1320
Date: January 18, 2001
Advisory ID: IMNX-2000-70-029-01
Author: Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
There is a bug in the current version of the GNU C Library (glibc)
that is shipped with Immunix Linux 7.0-beta. This bug can allow
unprivileged users to read files that would normally be restricted
(like /etc/shadow). This is done by setting the RESOLV_HOST_CONF
environment variable to the file that the user wishes to read, and
then running any setuid root program (like sudo or ssh.) This causes
the restricted file to be written to stderr.
Packages have been created and released for Immunix 7.0 beta to fix
this problem.
Package names and locations:
Precompiled binary packages for Immunix 7.0 beta are available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-2.2-12_imnx_7.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-common-2.2-12_imnx_7.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-devel-2.2-12_imnx_7.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/glibc-profile-2.2-12_imnx_7.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/nscd-2.2-12_imnx_7.i386.rpm
Source package for Immunix 7.0 beta is available at:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/SRPMS/glibc-2.2-12_imnx_7.src.rpm
md5sums of the packages:
733728df9085585346af50ae63bc9b42 glibc-2.2-12_imnx_7.i386.rpm
a9945444b49a35323da17c428a4bbcae glibc-common-2.2-12_imnx_7.i386.rpm
7544da1a3ceea13770f9d40997577f35 glibc-devel-2.2-12_imnx_7.i386.rpm
9a2d8caaf53409f2ce3d57013259658a glibc-profile-2.2-12_imnx_7.i386.rpm
83e4a07d56280574b6d5846cb0ca28f9 nscd-2.2-12_imnx_7.i386.rpm
9264d3521386bcc9112a6429840ff825 glibc-2.2-12_imnx_7.src.rpm
Online version of all Immunix 7.0-beta updates and advisories:
http://www.immunix.org/ImmunixOS/7.0-beta/updates/
(5979272) ------------------------------------------
Bilaga (application/pgp-signature) i text 5979273
5979273 2001-01-18 22:45 -0800 /10 rader/ Greg KH <greg@WIREX.COM>
Importerad: 2001-01-19 17:55 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: greg@WIREX.COM
Mottagare: Bugtraq (import) <14908>
Bilaga (text/plain) till text 5979272
Ärende: Bilaga till: Immunix OS Security update for glibc
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6Z+KLAl5ylTeuKpURAnf2AJ4/JmcX4mT+xwcXnAOZ6m1ZdI58uACdHJjx
VaD9jmCKiZSh8R3ws9CXplU=
=BsEY
-----END PGP SIGNATURE-----
(5979273) ------------------------------------------