Security: Execution of arbitrary commands in glibc
Name: Execution of arbitrary commands in glibc
ID: SSA:2010-295-01
Distribution: Slackware
Platforms: Slackware -current, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1
Date: Sat, 23 October 2010, 15:31
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
Applications: GNU C library

Original message


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2010-295-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt.
Patched "dynamic linker expands $ORIGIN in setuid library search
path".
This security issue allows a local attacker to gain root if they can create
a hard link to a setuid root binary. Thanks to Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://seclists.org/fulldisclosure/2010/Oct/257
(* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
glibc-2.5-i486-5_slack12.0.tgz
glibc-i18n-2.5-noarch-5_slack12.0.tgz
glibc-profile-2.5-i486-5_slack12.0.tgz
glibc-solibs-2.5-i486-5_slack12.0.tgz
glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Updated packages for Slackware 12.1:
glibc-2.7-i486-11_slack12.1.tgz
glibc-i18n-2.7-noarch-11_slack12.1.tgz
glibc-profile-2.7-i486-11_slack12.1.tgz
glibc-solibs-2.7-i486-11_slack12.1.tgz
glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Updated packages for Slackware 12.2:
glibc-2.7-i486-18_slack12.2.tgz
glibc-i18n-2.7-noarch-18_slack12.2.tgz
glibc-profile-2.7-i486-18_slack12.2.tgz
glibc-solibs-2.7-i486-18_slack12.2.tgz
glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Updated packages for Slackware 13.0:
glibc-2.9-i486-4_slack13.0.txz
glibc-i18n-2.9-i486-4_slack13.0.txz
glibc-profile-2.9-i486-4_slack13.0.txz
glibc-solibs-2.9-i486-4_slack13.0.txz
glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
glibc-2.9-x86_64-4_slack13.0.txz
glibc-i18n-2.9-x86_64-4_slack13.0.txz
glibc-profile-2.9-x86_64-4_slack13.0.txz
glibc-solibs-2.9-x86_64-4_slack13.0.txz
glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware 13.1:
glibc-2.11.1-i486-4_slack13.1.txz
glibc-i18n-2.11.1-i486-4_slack13.1.txz
glibc-profile-2.11.1-i486-4_slack13.1.txz
glibc-solibs-2.11.1-i486-4_slack13.1.txz
glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
glibc-2.11.1-x86_64-4_slack13.1.txz
glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
glibc-profile-2.11.1-x86_64-4_slack13.1.txz
glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware -current:
glibc-solibs-2.12.1-i486-2.txz
glibc-zoneinfo-2.12.1-noarch-2.txz
glibc-2.12.1-i486-2.txz
glibc-i18n-2.12.1-i486-2.txz
glibc-profile-2.12.1-i486-2.txz

Updated packages for Slackware x86_64 -current:
glibc-solibs-2.12.1-x86_64-2.txz
glibc-zoneinfo-2.12.1-noarch-2.txz
glibc-2.12.1-x86_64-2.txz
glibc-i18n-2.12.1-x86_64-2.txz
glibc-profile-2.12.1-x86_64-2.txz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzB/2EACgkQakRjwEAQIjOr4wCfX9lc755dUUqxo+Fvt5AS4udK
IFMAn3nGstluhmFTBg3U9qAp1OUrxuZ5
=mynv
-----END PGP SIGNATURE-----
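
A post-upgrade check, added here as an example and not part of the Slackware advisory: it compares the installed `glibc` and `glibc-solibs` records against the fixed builds in the package lists above. It assumes installed packages are recorded as files named `name-version-arch-build` under `/var/log/packages`; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare installed glibc records with the fixed builds
# listed in SSA:2010-295-01. Assumes records live in /var/log/packages.

# fixed_build VERSION TAG -> first fixed build number (empty if not listed)
fixed_build() {
    case "$1/$2" in
        2.5/_slack12.0)    echo 5 ;;
        2.7/_slack12.1)    echo 11 ;;
        2.7/_slack12.2)    echo 18 ;;
        2.9/_slack13.0)    echo 4 ;;
        2.11.1/_slack13.1) echo 4 ;;
        2.12.1/)           echo 2 ;;  # -current builds carry no release tag
    esac
}

# check_glibc PKGDB -> one verdict per record; returns 0 only if all are fixed
check_glibc() {
    pkgdb=$1; rc=0; found=0
    # The globs match glibc and glibc-solibs, not glibc-i18n/-profile/-zoneinfo
    for rec in "$pkgdb"/glibc-[0-9]* "$pkgdb"/glibc-solibs-[0-9]*; do
        [ -e "$rec" ] || continue
        found=1
        name=${rec##*/}              # name-version-arch-build
        build=${name##*-}            # e.g. 4_slack13.1
        rest=${name%-*-*}            # strip -arch-build
        version=${rest##*-}
        num=${build%%_*}
        tag=${build#"$num"}
        min=$(fixed_build "$version" "$tag")
        case $num in ''|*[!0-9]*) min= ;; esac   # non-numeric local build
        if [ -z "$min" ]; then
            echo "UNKNOWN $name (version/tag not in the advisory)"; rc=1
        elif [ "$num" -ge "$min" ]; then
            echo "PATCHED $name"
        else
            echo "VULNERABLE $name (fixed in build $min$tag)"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no glibc records in $pkgdb"; rc=1; }
    return "$rc"
}

# Constructed sample database: glibc upgraded, glibc-solibs left at an older build
demo=$(mktemp -d)
touch "$demo/glibc-2.11.1-i486-4_slack13.1" "$demo/glibc-solibs-2.11.1-i486-3_slack13.1"
check_glibc "$demo" || echo "action needed: upgradepkg glibc-*.t?z"
rm -rf "$demo"
```

On a real system, call `check_glibc /var/log/packages`; a glibc version newer than those in the advisory is reported as UNKNOWN rather than guessed.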