drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberläufe in glibc
Name: |
Zahlenüberläufe in glibc |
|
ID: |
SSA:2012-244-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37 |
|
Datum: |
Sa, 1. September 2012, 11:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] glibc (SSA:2012-244-01)
New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues.
Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/glibc-2.13-i486-6_slack13.37.txz: Rebuilt. Patched multiple integer overflows in the strtod, strtof, strtold, and strtod_l functions in stdlib in the GNU C Library allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480 (* Security fix *) patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz: Rebuilt. patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz: Rebuilt. patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz: Rebuilt. patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz: Rebuilt. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.1: glibc-2.11.1-i486-7_slack13.1.txz glibc-i18n-2.11.1-i486-7_slack13.1.txz glibc-profile-2.11.1-i486-7_slack13.1.txz glibc-solibs-2.11.1-i486-7_slack13.1.txz glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz
Updated packages for Slackware x86_64 13.1: glibc-2.11.1-x86_64-7_slack13.1.txz glibc-i18n-2.11.1-x86_64-7_slack13.1.txz glibc-profile-2.11.1-x86_64-7_slack13.1.txz glibc-solibs-2.11.1-x86_64-7_slack13.1.txz glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz
Updated packages for Slackware 13.37: glibc-2.13-i486-6_slack13.37.txz glibc-i18n-2.13-i486-6_slack13.37.txz glibc-profile-2.13-i486-6_slack13.37.txz glibc-solibs-2.13-i486-6_slack13.37.txz glibc-zoneinfo-2.13-noarch-6_slack13.37.txz
Updated packages for Slackware x86_64 13.37: glibc-2.13-x86_64-6_slack13.37.txz glibc-i18n-2.13-x86_64-6_slack13.37.txz glibc-profile-2.13-x86_64-6_slack13.37.txz glibc-solibs-2.13-x86_64-6_slack13.37.txz glibc-zoneinfo-2.13-noarch-6_slack13.37.txz
Updated packages for Slackware -current: glibc-solibs-2.15-i486-6.txz glibc-zoneinfo-2012e_2012e-noarch-6.txz glibc-2.15-i486-6.txz glibc-i18n-2.15-i486-6.txz glibc-profile-2.15-i486-6.txz
Updated packages for Slackware x86_64 -current: glibc-solibs-2.15-x86_64-6.txz glibc-zoneinfo-2012e_2012e-noarch-6.txz glibc-2.15-x86_64-6.txz glibc-i18n-2.15-x86_64-6.txz glibc-profile-2.15-x86_64-6.txz
MD5 signatures: +-------------+
Slackware 13.1 packages: edd13967ed3d8dec440a89ee5289fbca glibc-2.11.1-i486-7_slack13.1.txz 6f32d223d76deeb7b9f3a21922bd01b5 glibc-i18n-2.11.1-i486-7_slack13.1.txz a0e1250d433bbb79a3ba08b9c7d71e51 glibc-profile-2.11.1-i486-7_slack13.1.txz 864ca9b87dfb11785128133cfea320db glibc-solibs-2.11.1-i486-7_slack13.1.txz f7561370aae626dca40bbbdfd51dfda9 glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz
Slackware x86_64 13.1 packages: fc12fd088f1e537258650875fec86438 glibc-2.11.1-x86_64-7_slack13.1.txz 7a7e5b5303ae013201d80ace00ef2bd7 glibc-i18n-2.11.1-x86_64-7_slack13.1.txz fd15e380056b751d633a9d5f68cb2203 glibc-profile-2.11.1-x86_64-7_slack13.1.txz b5b6dc3c09d53622098ea9d24dc7072e glibc-solibs-2.11.1-x86_64-7_slack13.1.txz f0697995c80b6e636b77336d68095826 glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz
Slackware 13.37 packages: 981ea852e4a84e52581eb8552a0d560d glibc-2.13-i486-6_slack13.37.txz db61d214708227d74794dce0bf20e413 glibc-i18n-2.13-i486-6_slack13.37.txz 58a459cbe063222332efd9f206d6debc glibc-profile-2.13-i486-6_slack13.37.txz 0608e56b8e2505dede8788929b3f3e6c glibc-solibs-2.13-i486-6_slack13.37.txz c054e6efb42b94da65a808d435992307 glibc-zoneinfo-2.13-noarch-6_slack13.37.txz
Slackware x86_64 13.37 packages: 683c0976cf447451f70ad89e938b9777 glibc-2.13-x86_64-6_slack13.37.txz a1fd86ad6c472f6de29f20ae75af0f5a glibc-i18n-2.13-x86_64-6_slack13.37.txz 7e1400cb7a85ac091ab481d3df724b85 glibc-profile-2.13-x86_64-6_slack13.37.txz b14d793b43de47999ceec4013671d939 glibc-solibs-2.13-x86_64-6_slack13.37.txz 04f95620164ab72f4b3739881ce95adb glibc-zoneinfo-2.13-noarch-6_slack13.37.txz
Slackware -current packages: a3cd88ff0d0dcacfa43c0003afddc7a8 a/glibc-solibs-2.15-i486-6.txz b8fd7fab60bcd4b3e72c75b41f2a1463 a/glibc-zoneinfo-2012e_2012e-noarch-6.txz 98bb23242f559cad59f4e3bd7b7ab63f l/glibc-2.15-i486-6.txz d2768f1d5d17a66288d6f6d5525fade0 l/glibc-i18n-2.15-i486-6.txz 8f909602ea32f81950731bcef6a28533 l/glibc-profile-2.15-i486-6.txz
Slackware x86_64 -current packages: 538e100455adc41cf41db73cdbe51685 a/glibc-solibs-2.15-x86_64-6.txz 3dbcddbdc4972049e633c588f3fbf182 a/glibc-zoneinfo-2012e_2012e-noarch-6.txz e2801fdd45ea6d26a7f3b28111c1ea45 l/glibc-2.15-x86_64-6.txz fc500389aecef3bbbd574f83fe564ddc l/glibc-i18n-2.15-x86_64-6.txz eb2968f0e1fa932d79c4d32c546ae101 l/glibc-profile-2.15-x86_64-6.txz
Installation instructions: +------------------------+
Upgrade the packages as root: # upgradepkg glibc-*.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBA9w4ACgkQakRjwEAQIjNGawCdEXkb6UuW89udSzwoGFQllH+q 1pwAniNvIcUIis+WXyqE2dLT5EvhNx9R =Ytot -----END PGP SIGNATURE-----
|
|
|
|