Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in glibc
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in glibc
ID: FEDORA-2013-15072
Distribution: Fedora
Plattformen: Fedora 18
Datum: Do, 5. September 2013, 08:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2207
Applikationen: GNU C library

Originalnachricht

Name        : glibc
Product : Fedora 18
Version : 2.16
Release : 34.fc18
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

glibc security update:

CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions
changes when granting access to the slave pseudoterminal

The fix may break chroots if their devpts was not mounted correctly. Fix is to
mount the devpts correctly with gid=5.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.16-34
- Disable pt_chown (#984829, CVE-2013-2207).
* Tue Jun 25 2013 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.16-33
- Fix libm performance regression due to set/restore rounding mode (#977887).
* Sun May 5 2013 Patsy Franklin <pfrankli@redhat.com> - 2.16-32
- Fix _nl_find_msg malloc failure case, and callers. (#959034).
* Tue Apr 30 2013 Patsy Franklin <pfrankli@redhat.com> - 2.16-31
- Update patch (#848748) for xdr request to use XDRMAXNAME and
XDRMAXRECORD (#892777).
* Sun Mar 17 2013 Carlos O'Donell <carlos@redhat.com> - 2.16-30
- Fix ownership of /usr/lib[64]/audit (#894307).
- Rename release engineering directory to `releng' (#903754).
- Fix multibyte character processing crash in regexp (#905874, #905877,
CVE-2013-0242)
* Wed Dec 26 2012 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.16-29
Fix sparc build with older compilers. (#890035)
* Mon Dec 10 2012 Patsy Franklin <pfrankli@redhat.com> - 2.16-28
- Backport fix for nss_db crash when db contains exactly one entry.(#878913)
* Fri Dec 7 2012 Patsy Franklin <pfrankli@redhat.com> - 2.16-27
- Backport crypto support from upstream. (#811753)
* Thu Dec 6 2012 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.16-26
- use uint64_t for __bswap64 (#859428).
* Wed Nov 28 2012 Patsy Franklin <pfrankli@redhat.com> - 2.16-25
- Backport of upstream BZ #5298. Don't flush buffer for ftell.
Compute offsets from write pointers instead. (#577950)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #976408 - CVE-2013-2207 glibc (pt_chown): Improper pseudotty
ownership and permissions changes when granting access to the slave pseudoterminal
https://bugzilla.redhat.com/show_bug.cgi?id=976408
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung