Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf und Denial of Service in glibc
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf und Denial of Service in glibc
ID: MDKSA-2003:107
Distribution: Mandrake
Plattformen: Mandrake 9.0, Mandrake Multi Network Firewall 8.2, Mandrake Corporate Server 2.1, Mandrake 9.1
Datum: Mi, 19. November 2003, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0689
Applikationen: GNU C library

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: glibc
Advisory ID: MDKSA-2003:107
Date: November 18th, 2003

Affected versions: 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

A bug was discovered in the getgrouplist function in glibc that can
cause a buffer overflow if the size of the group list is too small to
hold all the user's groups. This overflow can cause segementation
faults in various user applications, some of which may lead to
additional security problems. The problem can only be triggered if the
user is in a larger number of groups than expected by an application.

The provided packages are patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689
______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
a75afbeab6bb0af8312606a5206b649f
corporate/2.1/RPMS/glibc-2.2.5-16.3.C21mdk.i586.rpm
0728825f51c3bbdd93c8f2573927c035
corporate/2.1/RPMS/glibc-devel-2.2.5-16.3.C21mdk.i586.rpm
cb76d0a10f88a3194023065888e16a9e
corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.3.C21mdk.i586.rpm
904f109cf66575c2eaa8e15a6f1ddee1
corporate/2.1/RPMS/glibc-profile-2.2.5-16.3.C21mdk.i586.rpm
007307c4d8a271f72a97fc97f7303ff5
corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.3.C21mdk.i586.rpm
4c8a57e8fdc3acefb8daa6eeda23ba70
corporate/2.1/RPMS/glibc-utils-2.2.5-16.3.C21mdk.i586.rpm
76efd47f25ba60c9bbc567668a38e4ff
corporate/2.1/RPMS/ldconfig-2.2.5-16.3.C21mdk.i586.rpm
efd517e924eb066acd0856bb476f87af
corporate/2.1/RPMS/nscd-2.2.5-16.3.C21mdk.i586.rpm
7c062ed74887835eba2f1a50a265b8c9
corporate/2.1/RPMS/timezone-2.2.5-16.3.C21mdk.i586.rpm
61f2d1b5fe0bc03cb0af9ef086c667bb
corporate/2.1/SRPMS/glibc-2.2.5-16.3.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
5aae39182bab1d726180953a7cd8d792
x86_64/corporate/2.1/RPMS/glibc-2.2.5-28.1.C21mdk.x86_64.rpm
d3486ac35ba3d078e737be31113475f0
x86_64/corporate/2.1/RPMS/glibc-debug-2.2.5-28.1.C21mdk.x86_64.rpm
939043df28c991d7b37b33fef3d0feb2
x86_64/corporate/2.1/RPMS/glibc-devel-2.2.5-28.1.C21mdk.x86_64.rpm
c1b184cb452e4d60f268a4fc5f48e174
x86_64/corporate/2.1/RPMS/glibc-i18ndata-2.2.5-28.1.C21mdk.x86_64.rpm
f2777101e2778fe7de39673220d7a069
x86_64/corporate/2.1/RPMS/glibc-profile-2.2.5-28.1.C21mdk.x86_64.rpm
b2d191df43537f5f8e2e100b1de072ed
x86_64/corporate/2.1/RPMS/glibc-static-devel-2.2.5-28.1.C21mdk.x86_64.rpm
083d9e44ce870e0d0ba2cea4c67963ec
x86_64/corporate/2.1/RPMS/glibc-utils-2.2.5-28.1.C21mdk.x86_64.rpm
0e6f3655b336442eb80847d1e2be858a
x86_64/corporate/2.1/RPMS/ldconfig-2.2.5-28.1.C21mdk.x86_64.rpm
059c6093ad5916e48a8786211a7ece0a
x86_64/corporate/2.1/RPMS/nscd-2.2.5-28.1.C21mdk.x86_64.rpm
e0a23600cbd0ceb7a44fd4e275b4f454
x86_64/corporate/2.1/RPMS/timezone-2.2.5-28.1.C21mdk.x86_64.rpm
c4de027516cfb1c943656f3876c89c44
x86_64/corporate/2.1/SRPMS/glibc-2.2.5-28.1.C21mdk.src.rpm

Mandrake Linux 9.0:
e64b4f099e7cd715c5ff1fc895101821 9.0/RPMS/glibc-2.2.5-16.3.90mdk.i586.rpm
48a4f54fc49c39306a002633ae4495af
9.0/RPMS/glibc-devel-2.2.5-16.3.90mdk.i586.rpm
9db7115962de7c0680ce0de12ea1955c
9.0/RPMS/glibc-i18ndata-2.2.5-16.3.90mdk.i586.rpm
c5fed843eb910c860e3af39e6583e3bb
9.0/RPMS/glibc-profile-2.2.5-16.3.90mdk.i586.rpm
2608fa069dfd563541f018742310d7b0
9.0/RPMS/glibc-static-devel-2.2.5-16.3.90mdk.i586.rpm
101574c95eeb7e8849f9ef0010afdec4
9.0/RPMS/glibc-utils-2.2.5-16.3.90mdk.i586.rpm
9c809b34abce979ef8cc2dea06a4b025 9.0/RPMS/ldconfig-2.2.5-16.3.90mdk.i586.rpm
2b04e51c90b79235ccfe673b123fbb9c 9.0/RPMS/nscd-2.2.5-16.3.90mdk.i586.rpm
386ac1d7f745c8deb1d3346cf86f7b51 9.0/RPMS/timezone-2.2.5-16.3.90mdk.i586.rpm
434a57fb27d0d12337bc579eaf89d1db 9.0/SRPMS/glibc-2.2.5-16.3.90mdk.src.rpm

Mandrake Linux 9.1:
14b04c0c5abfcdeeb7ddcd99dff6f59c 9.1/RPMS/glibc-2.3.1-10.1.91mdk.i586.rpm
db0399ed5e4e5932ccd68eb1d971e918
9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.i586.rpm
55e698783b2f00d56e74a6a0295ddc65
9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.i586.rpm
8d794fa39d989aff297eecddf8f3a89a
9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.i586.rpm
28000c25d34f6b6136092840825009a8
9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.i586.rpm
2fd232922ed61aba14ca2da29948bfa5
9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.i586.rpm
93c16beb43e79147b89d89dc080dcc3c
9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.i586.rpm
dde039c956d163bfd0d58729765acc0d 9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.i586.rpm
c4a00854f69004fdc8875ceae2a23cab 9.1/RPMS/nscd-2.3.1-10.1.91mdk.i586.rpm
e8f5a1eddced3c8e63d2a00236468a0a 9.1/RPMS/timezone-2.3.1-10.1.91mdk.i586.rpm
6c7aa1aae0bc39f4211a3d0d1b9b79fa 9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
bdacbfff4264a72f3106bd323597d668 ppc/9.1/RPMS/glibc-2.3.1-10.1.91mdk.ppc.rpm
1b3c15be2106be26ed3532a372f68e27
ppc/9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.ppc.rpm
5e08d596df7113323ae399c04328c091
ppc/9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.ppc.rpm
4a763d9d65729ae8523b3991561d8cdb
ppc/9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.ppc.rpm
5b856ef8b4e1fcba7b6ea4a04c158e87
ppc/9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.ppc.rpm
0f51825ee3c18bcb2feb3a8dd2739f46
ppc/9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.ppc.rpm
111efa86d73c156110a31eaa6bbe9f02
ppc/9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.ppc.rpm
0cfa1714f9ef4e1c62498d08ee5b3042
ppc/9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.ppc.rpm
c961c16bc6eef858083f6e42d5f875c1 ppc/9.1/RPMS/nscd-2.3.1-10.1.91mdk.ppc.rpm
ea602b9406296fc2f198167924ab35cf
ppc/9.1/RPMS/timezone-2.3.1-10.1.91mdk.ppc.rpm
6c7aa1aae0bc39f4211a3d0d1b9b79fa ppc/9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm

Multi Network Firewall 8.2:
058bc1cc39d9af370e6334de4d5ca892 mnf8.2/RPMS/glibc-2.2.4-26.3.M82mdk.i586.rpm
b8feb768e9825ed998b46b90094543fd
mnf8.2/RPMS/ldconfig-2.2.4-26.3.M82mdk.i586.rpm
be3a063c275d0240395b433aef3a7ea4 mnf8.2/SRPMS/glibc-2.2.4-26.3.M82mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/uvgImqjQ0CJFipgRAtiGAJwPfnSelVLECYrDYKCOjtZIfORzvgCfctxx
0h5uimjEFIZdZd01HpsMjYk=
=aMES
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung