[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Slackit.org] [slackware-security] glibc XDR overflow fix (SSA:2003-14
|
From: |
Andrea Guarnaccia |
|
Subject: |
[Slackit.org] [slackware-security] glibc XDR overflow fix (SSA:2003-141-03) |
|
Date: |
Thu, 22 May 2003 14:57:00 +0200 (CEST) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] glibc XDR overflow fix (SSA:2003-141-03)
An integer overflow in the xdrmem_getbytes() function found in the glibc
library has been fixed. This could allow a remote attacker to execute
arbitrary code by exploiting RPC service that use xdrmem_getbytes(). None of
the default RPC services provided by Slackware appear to use this function,
but third-party applications may make use of it.
We recommend upgrading to these new glibc packages.
Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue May 20 20:13:09 PDT 2003
patches/packages/glibc-2.3.1-i386-4.tgz: Patched, recompiled.
(* Security fix *)
patches/packages/glibc-debug-2.3.1-i386-4.tgz: Patched, recompiled.
(* Security fix *)
patches/packages/glibc-i18n-2.3.1-noarch-4.tgz: Rebuilt.
patches/packages/glibc-profile-2.3.1-i386-4.tgz: Patched, recompiled.
(* Security fix *)
patches/packages/glibc-solibs-2.3.1-i386-4.tgz: Patched a buffer overflow in
some dead code (xdrmem_getbytes(), which we couldn't find used by anything,
but it doesn't hurt to patch it anyway)
(* Security fix *)
patches/packages/glibc-zoneinfo-2.3.1-noarch-4.tgz: Rebuilt.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-2.2.5-i386-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-solibs-2.2.5-i386-4.tgz
Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-2.3.1-i386-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-debug-2.3.1-i386-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-i18n-2.3.1-noarch-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-profile-2.3.1-i386-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-solibs-2.3.1-i386-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/glibc-zoneinfo-2.3.1-noarch-4.tgz
MD5 SIGNATURES:
+-------------+
Slackware 8.1 packages:
ae235701abcccdc726789c9af5a0eb7b glibc-2.2.5-i386-4.tgz
83714476158d8f93a1f597bfdc6945e7 glibc-solibs-2.2.5-i386-4.tgz
Slackware 9.0 packages:
98fb90ce972b42bf5731bc71a722832a glibc-2.3.1-i386-4.tgz
9f2c944389f25dfe1c1dcb13210d9dc4 glibc-debug-2.3.1-i386-4.tgz
fa9fe934fe1dde4c134021e39aadaf7e glibc-i18n-2.3.1-noarch-4.tgz
1b264af8e047fa9378169bb4f8a9836f glibc-profile-2.3.1-i386-4.tgz
7c31f7602c54262c1e3ae16e59f8e0d6 glibc-solibs-2.3.1-i386-4.tgz
35b89aa808f4e7c8424f50eab73d824a glibc-zoneinfo-2.3.1-noarch-4.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
Upgrade using upgradepkg (as root):
upgradepkg glibc-*.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Slackit.org] [slackware-security] glibc XDR overflow fix (SSA:2003-141-03),
Andrea Guarnaccia <=