Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in glibc
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in glibc
ID: DSA-2122-1
Distribution: Debian
Plattformen: Debian lenny
Datum: Sa, 23. Oktober 2010, 15:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
Applikationen: GNU C library

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2122-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 22, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : glibc
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2010-3847 CVE-2010-3856
Debian Bug     : 600667

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU
libc allows local users to gain root privileges using a crafted
LD_AUDIT environment variable.

For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny6.

For the upcoming stable distribution (squeeze), this problem has been
fixed in version 2.11.2-6+squeeze1 of the eglibc package.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
    Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833
  http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny6.dsc
    Size/MD5 checksum:     2864 0a5bae105aada2473191dd8706b4ee3f
  glibc_2.7-18lenny6.diff.gz
    Size/MD5 checksum:   767588 3421a1ff8874348dae35cdf58f447036

Architecture independent packages:

  glibc-doc_2.7-18lenny6_all.deb
    Size/MD5 checksum:  1629030 8f65d80bdb65e1fcefe13a0f67bb350e
  locales_2.7-18lenny6_all.deb
    Size/MD5 checksum:  4432002 d805e02d461e67f5df3c4dfd87d5ed60
  glibc-source_2.7-18lenny6_all.deb
    Size/MD5 checksum: 16008612 5e40f562173996225e7e6145d60aeeba

alpha architecture (DEC Alpha)

  libnss-dns-udeb_2.7-18lenny6_alpha.udeb
    Size/MD5 checksum:    10598 0d8d9de0d9a1ec2bca4c23fc7f8cbf55
  libc6.1_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  5184504 66f0a51bc250550f677e7ae6a3032d0a
  libc6.1-pic_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  1769546 ef42037cfcb204b3335945ed7b5a1c85
  locales-all_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  2785836 89667d60330729285695c432ed4abcc8
  libc6.1-udeb_2.7-18lenny6_alpha.udeb
    Size/MD5 checksum:  1264184 e70f66d132ebe98e6e0f2606b4ca7121
  nscd_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:   177554 517af3bee8605c24c28149ed0fa846bb
  libnss-files-udeb_2.7-18lenny6_alpha.udeb
    Size/MD5 checksum:    18208 874fac32cc088d505a8602a53257912f
  libc6.1-alphaev67_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  1621418 3d2391946aa8adfd971b56929057382e
  libc6.1-dev_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  3029300 917d3528ddb06384b0280b53930a16c0
  libc6.1-prof_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  2492118 47763d04fe3bcc9f1f699d2dc7f55310
  libc6.1-dbg_2.7-18lenny6_alpha.deb
    Size/MD5 checksum:  5716602 27bf48fd5d0675258055d92c43b6c51f

amd64 architecture (AMD x86_64 (AMD64))

  libc6-prof_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  1930488 301009193e3780a911f1e184fce9b87c
  libc6-dev_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  2491416 13d2fc9d3564f309044ad1ea2c58495a
  libc6-pic_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  1465870 b621d62248666d277ac0a3f2eaa8b045
  libc6_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  4811778 7d7b313aa5a62e9740717aca453da85b
  libnss-files-udeb_2.7-18lenny6_amd64.udeb
    Size/MD5 checksum:    18312 e5a0ab207278a9b261a4a344eb8c4e72
  libc6-dbg_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  5310524 d375d550ade43fa25466ef294944b20f
  libc6-udeb_2.7-18lenny6_amd64.udeb
    Size/MD5 checksum:  1107334 c858864db43656cb5b7b1336a1dd330a
  libc6-i386_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  3653662 71f16ba7e73ce2848e91a9f987e0e0c5
  nscd_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:   175502 b5278e6ac5be9509e4022d6230730aaf
  locales-all_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  2668436 bd07d5def2d94fe57ad0a4a61225e4f2
  libnss-dns-udeb_2.7-18lenny6_amd64.udeb
    Size/MD5 checksum:     9424 2da7259ac87a89eff1e0c618b134d49d
  libc6-dev-i386_2.7-18lenny6_amd64.deb
    Size/MD5 checksum:  1459294 73863f0cc3a77b3ca0ca5329bebbabc0

arm architecture (ARM)

  libnss-files-udeb_2.7-18lenny6_arm.udeb
    Size/MD5 checksum:    14572 ddab929ec6fa049cf4e52b4735269d16
  libnss-dns-udeb_2.7-18lenny6_arm.udeb
    Size/MD5 checksum:     8412 5fca17c0a6d1b48e484ad9037ee0994c
  locales-all_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  2736634 e61e1e08d66addabdb5b665cf43e26e8
  libc6-dev_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  2323658 984466b5b0532144daab59034edca3cb
  libc6_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  4808794 60d9f6ec51af1605a392d95d93d31e4b
  nscd_2.7-18lenny6_arm.deb
    Size/MD5 checksum:   172086 5e2f841ecdff47482b1585bce2da7df8
  libc6-dbg_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  5075604 fa409ef42bd0ef3f1f66f480f80de30d
  libc6-udeb_2.7-18lenny6_arm.udeb
    Size/MD5 checksum:  1026954 e827dee053f34271ebf8b56584d56fe6
  libc6-pic_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  1323732 4ebf4d047b8672d0e8c6a62c239de06a
  libc6-prof_2.7-18lenny6_arm.deb
    Size/MD5 checksum:  1779334 8d1fb933c701c11173fb85928d2410a7

armel architecture (ARM EABI)

  libnss-dns-udeb_2.7-18lenny6_armel.udeb
    Size/MD5 checksum:     8152 81202c8c8ad425f96e6d6ed52a25ec39
  nscd_2.7-18lenny6_armel.deb
    Size/MD5 checksum:   171442 c4702ab1e1d00dd9869169aa4b7590e0
  libc6-udeb_2.7-18lenny6_armel.udeb
    Size/MD5 checksum:  1084506 347267bb7cde5208b139c91c6ce4d206
  locales-all_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  2754836 3e35ea49bd22c8c7f9181b8e5d5c318c
  libnss-files-udeb_2.7-18lenny6_armel.udeb
    Size/MD5 checksum:    14552 d97fae3cf5dd84eb0fa4cf47e0ac4a58
  libc6-prof_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  1893768 d6d491af7592cd0812703c4275dbe61e
  libc6_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  4859952 7540ba353f9148df5d9327ae04198ab2
  libc6-dev_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  2429200 c642380c514ef2e19a8719b0efc54859
  libc6-pic_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  1396316 f93d072458c00f78afff26ae8197ca3f
  libc6-dbg_2.7-18lenny6_armel.deb
    Size/MD5 checksum:  5120630 7a9e30417a07b1d9f28aeeeb91397267

i386 architecture (Intel ia32)

  libc6-udeb_2.7-18lenny6_i386.udeb
    Size/MD5 checksum:   823448 2c61ad8fc7755f1076db8eeef825dd06
  libc6-prof_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  1439724 fd2e06d55f52fc6a3e019d4ba5837ca5
  libc6-dbg_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  5232058 d8e9dabc806bb2ed2fb511ca469fcdee
  libnss-dns-udeb_2.7-18lenny6_i386.udeb
    Size/MD5 checksum:     8684 2d1a4f27a5b03dee1d491badde82bbc8
  nscd_2.7-18lenny6_i386.deb
    Size/MD5 checksum:   172476 a2f5e1a6d887aac2472cd1d49bd8b6a1
  libc6-pic_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  1155474 3e7e02bc61cf9fd9a37f116d94dd46c5
  libc6-xen_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  1282052 d3a231b42e4874ed94b0646c58293bcd
  locales-all_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  2752152 9a75846acb12d557acce71a4c9cf6843
  libnss-files-udeb_2.7-18lenny6_i386.udeb
    Size/MD5 checksum:    15430 623f53acca1c321df95e3bfcef5369f8
  libc6-dev-amd64_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  2013266 884c9914eac037f20c66f1c064cc680a
  libc6-amd64_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  4200546 880701716e329b71ee8bcc77664f2a94
  libc6-i686_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  1278036 fd042101131cf66f38e49d78e2c6b6f4
  libc6-dev_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  3386072 25e9b2c60b89e48bff1f3822f6f4d659
  libc6_2.7-18lenny6_i386.deb
    Size/MD5 checksum:  4566382 728924c508553af78ea05b7c280c1a97

ia64 architecture (Intel ia64)

  libc6.1-dbg_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  6281358 373330ebff126d6f38cf0a4b42c5f4eb
  libnss-dns-udeb_2.7-18lenny6_ia64.udeb
    Size/MD5 checksum:    12938 630326390c12702e145c2de076efc258
  locales-all_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  2777628 faebb3c3e2f26718b1c43bbaab419f68
  libc6.1-prof_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  2690068 6d912e3866dde96fe6239fb7a15e6572
  libnss-files-udeb_2.7-18lenny6_ia64.udeb
    Size/MD5 checksum:    22610 a6b2b0fad2214deef0faf68f7a7cf948
  libc6.1_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  5801636 99a01fd6de8a06380d1c3b480a10aea3
  libc6.1-dev_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  3244424 ae91430034f2313326f7b4944e7ed289
  libc6.1-pic_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:  1742584 0283e8f3dd5aa89c630f3dab3f4a92cd
  libc6.1-udeb_2.7-18lenny6_ia64.udeb
    Size/MD5 checksum:  1383338 9066cf3f6988a21645abe7236ec61c93
  nscd_2.7-18lenny6_ia64.deb
    Size/MD5 checksum:   197680 70c768e048efe5b43d2a79c0f937f747

mips architecture (MIPS (Big Endian))

  libc6-prof_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  2084156 60abd400c9864f2beea89c4b7133dc33
  libc6-dev_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  2634518 5831738ee22c6ecd03b72e23a773ccdd
  libc6-mips64_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  4357678 79b9430d17a3c46ecf3bf8817fa022cc
  libc6-dev-mips64_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  2502364 5a6bc3fdf1e7fdbf8951c6a014a796b0
  libc6-udeb_2.7-18lenny6_mips.udeb
    Size/MD5 checksum:  1074178 d08272f58c975570b75aea1f96dd10d8
  libc6-dbg_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  5613544 3eba5379870ba7fa27112eb2522b6c7a
  locales-all_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  2797076 9456ccf8732e8c2bcdda776484aeebd1
  libc6-mipsn32_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  9229084 1aac1eaf7bf1e3e4a9679012c4f384e8
  libc6-pic_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  1497378 3a7141dea1dd0c70c0fbcc5aa4f5e9e6
  libc6_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  4977462 62e365798ef04de5ff50565b83acab35
  nscd_2.7-18lenny6_mips.deb
    Size/MD5 checksum:   172498 d8452a24e77a1a0f7676258e61bf7c63
  libnss-dns-udeb_2.7-18lenny6_mips.udeb
    Size/MD5 checksum:     8894 d246cd341e282fa02e53ae376864a256
  libnss-files-udeb_2.7-18lenny6_mips.udeb
    Size/MD5 checksum:    15264 997d95357a9936b13fa49298a9b664f1
  libc6-dev-mipsn32_2.7-18lenny6_mips.deb
    Size/MD5 checksum:  2359224 b132a51062b393fd966f4a23563d048b

powerpc architecture (PowerPC)

  libc6-dbg_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  6329478 dbf38cc02ce7e3d9a29049cda0627cd5
  nscd_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:   175170 1d057e085e4901c3aa08806416b0e116
  libnss-dns-udeb_2.7-18lenny6_powerpc.udeb
    Size/MD5 checksum:     9412 10fa1bd56d316f33b95b32e1535e7fb1
  libc6-prof_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  2258402 0fd3b18968284bf7632bb1c3ae840dd9
  libc6-dev_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  2805934 ab40a21e6f9e0dad1be6789a14edc094
  locales-all_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  2761770 cafb92a9308ea432e9a839fec99d70bb
  libc6-udeb_2.7-18lenny6_powerpc.udeb
    Size/MD5 checksum:  1224434 3e836ec01f16cc438d335b05e0cab597
  libc6-pic_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  1598080 c067282cdf991740d9282e11acc3c47b
  libc6-ppc64_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  4495420 b1f735f6467c0b59f9eb3a1efcaa877b
  libc6_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  5201184 cdc1ef9b0c7f6405efa1faaf19ebbf50
  libc6-dev-ppc64_2.7-18lenny6_powerpc.deb
    Size/MD5 checksum:  2410920 d0ea9f4dc0e7f31fc4e91dc332288f1b
  libnss-files-udeb_2.7-18lenny6_powerpc.udeb
    Size/MD5 checksum:    16830 e11287246d293031597f9d003b9f41c3

s390 architecture (IBM S/390)

  libc6-prof_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  2196724 ee17712c84a7ac6b181b8d7ef958df51
  libc6-dev_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  2724012 56dc3fb289f371ef4874e1c1ee3cbe22
  locales-all_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  2697942 27d2aae46c794dc65b8de146b7bf084a
  libc6-dev-s390x_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  2367136 221f20e52d6188068018ffc435927541
  libc6-pic_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  1535746 b6a16710a9debb91182958f01b7a0ae0
  libnss-files-udeb_2.7-18lenny6_s390.udeb
    Size/MD5 checksum:    16200 eae23febdf3262391895d783ea21e5cc
  libc6-s390x_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  4388124 a09e9d067498eb16a9c506ad6945429a
  libc6_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  5142978 ef4ab215707611ff17340fd06c5612b0
  libnss-dns-udeb_2.7-18lenny6_s390.udeb
    Size/MD5 checksum:     9032 288671729642ed02aadd9ae2f58b8fb2
  libc6-udeb_2.7-18lenny6_s390.udeb
    Size/MD5 checksum:  1218574 07a1e17e8da263298a74e5ebf61137dd
  libc6-dbg_2.7-18lenny6_s390.deb
    Size/MD5 checksum:  5982420 c63b51c37d1dc7517d72ca36ae8389dd
  nscd_2.7-18lenny6_s390.deb
    Size/MD5 checksum:   177194 ca8b72ec79bb221c526dcf4cec0e506a

sparc architecture (Sun SPARC/UltraSPARC)

  libc6-pic_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  1613350 abfaa54615a17c4b3b5cd2a9e4e4f280
  libc6-udeb_2.7-18lenny6_sparc.udeb
    Size/MD5 checksum:  1249894 99ee8640523f7e320884a18c1aedd059
  locales-all_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  2795386 6b7bf01723f84efb71e2d2a57f942306
  libc6-sparcv9b_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  1762326 6844c5a85137ec81199a3d87c030bd82
  libc6-dev_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  2826990 c0404bbe265bf11d43bfcfcdba6a171d
  libc6_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  5151532 534a688eb5c3bd30604d085ffdbbfd8a
  libnss-files-udeb_2.7-18lenny6_sparc.udeb
    Size/MD5 checksum:    15046 bf2243caae2e9fee5de0fab4a4018927
  libc6-sparc64_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  4454672 e83508d544bc283688a365a31fe12ddb
  libc6-dev-sparc64_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  2589890 49eb63a5de516a061e23ecc8cdf84641
  nscd_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:   171148 f2e831df29c2c835e9cd0fe08bbca036
  libnss-dns-udeb_2.7-18lenny6_sparc.udeb
    Size/MD5 checksum:     8328 ee8e8d506fd7caf14c30cebd3920ba05
  libc6-prof_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  2303716 3b409b9f6906e97a13f04d806f6c9dea
  libc6-dbg_2.7-18lenny6_sparc.deb
    Size/MD5 checksum:  6797120 9150306b13d18ebf76245a365f7edc28


  These files will probably be moved into the stable distribution on
  its next update.

-
 ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJMwcZrAAoJEL97/wQC1SS+0K8IAJGUlnVEWh8T/tV0Bok7ha13
egjk9xw4qAMeVIL4gikkrI+dRjF0jCfVk16CONkKldyGJF+1JMpi0hb+MhLo8Etx
DxOUPeeN44fGiHd8GE/qOHAKqgIlJmn36BlLkHm8AVm/6HNKrAKG6rFZGsCnBIES
f6WMyOidi3bsMs6O/AI0KDLcxHNBOzfAFWOh/fAZbGW5QnAf+2e61LcErJXbTE3G
vj5Sff6A+ovvEGyaQtymts5GP6PgoUJaPevw8EWz1onXTKMCBCXBSHIadKE7ZFc0
UHxeH0YEnsakW+FMNL2Die2ZDkUqIy1pyR0VG7Pnc1HXN8ZhGJXgvil690n7Lxc=
=pyP4
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Archive: http://lists.debian.org/87pqv2taxu.fsf@mid.deneb.enyo.de
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung