Arbitrary command execution in glibc
ID: | SSA:2010-295-01 |
Distribution: | Slackware |
Platforms: | Slackware -current, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1 |
Date: | Sat, 23 October 2010, 15:31 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847 |
Applications: | GNU C library |
Original message |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2010-295-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.

Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt.
  Patched "dynamic linker expands $ORIGIN in setuid library search path".
  This security issue allows a local attacker to gain root if they can create
  a hard link to a setuid root binary. Thanks to Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
    http://seclists.org/fulldisclosure/2010/Oct/257
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt.
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-2.txz

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process. Please do not reply to this email address.       |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzB/2EACgkQakRjwEAQIjOr4wCfX9lc755dUUqxo+Fvt5AS4udK
IFMAn3nGstluhmFTBg3U9qAp1OUrxuZ5
=mynv
-----END PGP SIGNATURE-----
|
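
A way to check whether the installed glibc packages are at or past the builds listed in this advisory, as an added example that is not part of the Slackware message. The names `FIXED_BUILDS` and `glibc_pkg_status` are hypothetical, the fixed build numbers are transcribed from the package names above, and the script assumes the installed-package database is in /var/log/packages.

```shell
#!/bin/sh
# Added example (not part of the advisory). Fixed builds transcribed from
# SSA:2010-295-01 as "<glibc version> <release tag> <fixed build>";
# a tag of "-" stands for -current packages, which carry no _slackNN.N suffix.
FIXED_BUILDS='2.5 slack12.0 5
2.7 slack12.1 11
2.7 slack12.2 18
2.9 slack13.0 4
2.11.1 slack13.1 4
2.12.1 - 2'

# glibc_pkg_status PKG  (hypothetical helper)
# PKG: package file or database entry, name-version-arch-build[_tag][.t?z].
# Prints fixed, vulnerable, or unknown (no advisory row for version and tag).
glibc_pkg_status() {
    pkg=${1##*/}                    # drop any directory part
    pkg=${pkg%.t?z}                 # drop .tgz / .txz
    case $pkg in glibc-*) ;; *) echo unknown; return 0 ;; esac
    buildtag=${pkg##*-}             # e.g. 4_slack13.1, or 2 on -current
    rest=${pkg%-*}                  # strip build field
    rest=${rest%-*}                 # strip arch field
    version=${rest##*-}             # name may contain hyphens: parse from the right
    case $buildtag in
        *_*) build=${buildtag%%_*}; tag=${buildtag#*_} ;;
        *)   build=$buildtag; tag=- ;;
    esac
    case $build in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    while read -r v t fixed; do
        if [ "$v" = "$version" ] && [ "$t" = "$tag" ]; then
            if [ "$build" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done <<EOF
$FIXED_BUILDS
EOF
    echo unknown
}

# Report on the installed glibc packages (assumes Slackware's package
# database directory /var/log/packages; nothing is printed if it is absent).
for f in /var/log/packages/glibc-*; do
    if [ -e "$f" ]; then
        printf '%s: %s\n' "${f##*/}" "$(glibc_pkg_status "$f")"
    fi
done
```

A result of `unknown` means the version and release tag match no row of this advisory (for example a later glibc), so the advisory alone cannot classify that package.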