6513810 2001-05-17 13:15 -0700 /174 rader/ TurboLinux Security Team <security@www.turbolinux.com>
Bilagans filnamn: "glibc.adv"
Importerad: 2001-05-18 10:55 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <17077>
Bilaga (text/plain) till text 6513805
Ärende: Bilaga (glibc.adv) till: Turbolinux Security Advisories
------------------------------------------------------------
___________________________________________________________________________
TurboLinux Security Announcement
Vulnerable Packages: All versions prior to glibc-2.1.3-33
Date: 05/01/2001 5:00 PDT
Affected TurboLinux versions:TL WorkStation Server 6.5,
TL 6.1 WorkStation,
All TurboLinux versions
6.0.5 and earlier
TurboLinux Advisory ID#: TLSA2001009
Credits: Fixes made by Ulrich Drepper of Red Hat
___________________________________________________________________________
A security hole was discovered in the package mentioned above.
Please update the packages in your installation as soon as possible.
___________________________________________________________________________
1. Problem Summary(From the BugTraq advisory at securityfocus.com,
id#1634)
A format string vulnerability exists in the locale subsystem. The
locale subsystem consists of databases that contain language and
country spe- cific information. Whenever a program needs to
display a message to a user, it accesses a database within the
subsystem and retrieves the proper language-specific string using
the original message as the search key. The string(s) retrieved
by the program are displayed using printf(). It is possible for
an attacker to control the output by building and installing a
custom database.
2. Impact(Also from the BugTraq advisory on securityfocus.com)
An attacker can execute arbitrary code as a user with elevated
privileges(root) using almost any setuid program on the
vulnerable system.
In some operating systems, it is also possible to exploit the
problem remotely using the environment variable passing off
options to telnetd, but the attacker must first install his
customized database onto the target host.
3. Solution
************** If you are using TurboLinux Server 6.5: *********************
Update the packages from our ftp server by running the following
command for each package:
rpm -Uvh ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-2.1.3-33.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-devel-2.1.3-33.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-profile-2.1.3-33.i386.rpm
************** If you are using TurboLinux Workstation 6.1: ***************
First, uninstall the package glibc-2.1.3-2jaJP using the command:
rpm -e glibc-2.1.3-2jaJP
Next, install the following packages by running the following
command:
rpm -Uvh ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-2.1.3-33.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-locale-2.1.3-10.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-profile-2.1.3-33.i386.rpm
Finally, upgrade the package glibc-devel with the following
command:
rpm -Uvh --force ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-devel-2.1.3-33.i386.rpm
************** If you are using TurboLinux Server 6.0.5: *****************
Update the package glibc from our ftp server by running the
following command:
rpm -Uvh --force ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-2.1.3-33.i386.rpm
Next, update the packages glibc-devel and glibc-profile from our
ftp server by running the following command:
rpm -Uvh ftp_path_to_filename
Where ftp_path_to_filename is the following:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-devel-2.1.3-33.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/security/glibc-profile-2.1.3-33.i386.rpm
*******************************************************************************
The source RPM can be downloaded here:
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/glibc-2.1.3-33.src.rpm
**Note: You must rebuild and install the RPM if you choose to
download and install the SRPM. Simply installing the SRPM alone
WILL NOT CLOSE THE SECURITY HOLE.
Please verify the MD5 checksums of the updates before you install:
MD5 sum Package Name
---------------------------------------------------------------------------
985c3946d8b659ddc36c15428056be51 glibc-2.1.3-33.i386.rpm
115c757d2fd29d8ad6281e5bb96a08df glibc-locale-2.1.3-10.noarch.rpm
955fc79bddbf80918fe51810b2fd2045 glibc-devel-2.1.3-33.i386.rpm
61c21f8ce865de4ff319e162474bd4d5 glibc-profile-2.1.3-33.i386.rpm
ada28c27fca1f259e1a4fee6686a5862 glibc-2.1.3-33.src.rpm
___________________________________________________________________________
These packages are GPG signed by Turbolinux for security. Our key
is available here:
http://www.turbolinux.com/security/tlgpgkey.asc
To verify a package, use the following command:
rpm --checksig name_of_rpm
To examine only the md5sum, use the following command:
rpm --checksig --nogpg name_of_rpm
**Note: Checking GPG keys requires RPM 3.0 or higher.
___________________________________________________________________________
You can find more updates on our ftp server:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/
for TL6.0 Workstation and Server security updates
Our webpage for security announcements:
http://www.turbolinux.com/security
If you want to report vulnerabilities, please contact:
security@turbolinux.com
___________________________________________________________________________
Subscribe to the TurboLinux Security Mailing lists:
TL-security - A moderated list for discussing security issues
TurboLinux products.
Subscribe at http://www.turbolinux.com/mailman/listinfo/tl-security
TL-security-announce - An announce-only mailing list for security
updates and alerts. Subscribe at:
http://www.turbolinux.com/mailman/listinfo/tl-security-announce
(6513810) /TurboLinux Security Team <security@www.turbolinux.com>/(Ombruten)