drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in glibc
Name: |
Ausführen beliebiger Kommandos in glibc |
|
ID: |
SSA:2010-301-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1 |
|
Datum: |
Fr, 29. Oktober 2010, 09:28 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] glibc (SSA:2010-301-01)
New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt. Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 http://seclists.org/fulldisclosure/2010/Oct/344 (* Security fix *) patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded. (* Security fix *) patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n. +--------------------------+
Where to find the new packages: +-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 12.0: glibc-2.5-i486-6_slack12.0.tgz glibc-i18n-2.5-noarch-6_slack12.0.tgz glibc-profile-2.5-i486-6_slack12.0.tgz glibc-solibs-2.5-i486-6_slack12.0.tgz glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
Updated packages for Slackware 12.1: glibc-2.7-i486-12_slack12.1.tgz glibc-i18n-2.7-noarch-12_slack12.1.tgz glibc-profile-2.7-i486-12_slack12.1.tgz glibc-solibs-2.7-i486-12_slack12.1.tgz glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz
Updated packages for Slackware 12.2: glibc-2.7-i486-19_slack12.2.tgz glibc-i18n-2.7-noarch-19_slack12.2.tgz glibc-profile-2.7-i486-19_slack12.2.tgz glibc-solibs-2.7-i486-19_slack12.2.tgz glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz
Updated packages for Slackware 13.0: glibc-2.9-i486-5_slack13.0.txz glibc-i18n-2.9-i486-5_slack13.0.txz glibc-profile-2.9-i486-5_slack13.0.txz glibc-solibs-2.9-i486-5_slack13.0.txz glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Updated packages for Slackware x86_64 13.0: glibc-2.9-x86_64-5_slack13.0.txz glibc-i18n-2.9-x86_64-5_slack13.0.txz glibc-profile-2.9-x86_64-5_slack13.0.txz glibc-solibs-2.9-x86_64-5_slack13.0.txz glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Updated packages for Slackware 13.1: glibc-2.11.1-i486-5_slack13.1.txz glibc-i18n-2.11.1-i486-5_slack13.1.txz glibc-profile-2.11.1-i486-5_slack13.1.txz glibc-solibs-2.11.1-i486-5_slack13.1.txz glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Updated packages for Slackware x86_64 13.1: glibc-2.11.1-x86_64-5_slack13.1.txz glibc-i18n-2.11.1-x86_64-5_slack13.1.txz glibc-profile-2.11.1-x86_64-5_slack13.1.txz glibc-solibs-2.11.1-x86_64-5_slack13.1.txz glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Updated packages for Slackware -current: glibc-solibs-2.12.1-i486-3.txz glibc-zoneinfo-2.12.1-noarch-3.txz glibc-2.12.1-i486-3.txz glibc-i18n-2.12.1-i486-3.txz glibc-profile-2.12.1-i486-3.txz
Updated packages for Slackware x86_64 -current: glibc-solibs-2.12.1-x86_64-3.txz glibc-zoneinfo-2.12.1-noarch-3.txz glibc-2.12.1-x86_64-3.txz glibc-i18n-2.12.1-x86_64-3.txz glibc-profile-2.12.1-x86_64-3.txz
MD5 signatures: +-------------+
Slackware 12.0 packages: 8d468bef0a3b50325d77ab996b5a9d9a glibc-2.5-i486-6_slack12.0.tgz b01d3fecfd3ed105c5c141a3dc7af401 glibc-i18n-2.5-noarch-6_slack12.0.tgz caf14c4ad8e444000220bc7cc256c495 glibc-profile-2.5-i486-6_slack12.0.tgz 451af23d75820fac2d4bb431b5830b85 glibc-solibs-2.5-i486-6_slack12.0.tgz 119d0d794a46f94bc17f83f0ac06a3d3 glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
Slackware 12.1 packages: ccc6cad27bc0fb344656cde9a13b38ba glibc-2.7-i486-12_slack12.1.tgz 5d898df2a09262f7257d3eda50a57d68 glibc-i18n-2.7-noarch-12_slack12.1.tgz 068a14a920b5081cb70d83d9b0f84241 glibc-profile-2.7-i486-12_slack12.1.tgz 84cb8ee27e6f839c9d0c5f6817ad8730 glibc-solibs-2.7-i486-12_slack12.1.tgz 59355d9135e1c63a47cefb8b1913a482 glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz
Slackware 12.2 packages: 92731f67629c32a3944568e5e45f7eea glibc-2.7-i486-19_slack12.2.tgz 0186435a93d1b21d9b8583698141eac6 glibc-i18n-2.7-noarch-19_slack12.2.tgz 75b2c8928bfcee081eaa2e24b80ba9c3 glibc-profile-2.7-i486-19_slack12.2.tgz 3fb2a406f8625e307a455d9c8ecc8589 glibc-solibs-2.7-i486-19_slack12.2.tgz e5b641e76bd83f1b78d15918e37861b3 glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz
Slackware 13.0 packages: 1db19f0d2e560237d7e7b563edac1717 glibc-2.9-i486-5_slack13.0.txz 605c3e4727111314a3b352c1043e3c70 glibc-i18n-2.9-i486-5_slack13.0.txz 3846ded61e77d33d2b6d2b09a2c8a9e8 glibc-profile-2.9-i486-5_slack13.0.txz 766f590fa9f9afac74a3395464d563f5 glibc-solibs-2.9-i486-5_slack13.0.txz 4726810af74ad4fadf06a6ff804a0c28 glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Slackware x86_64 13.0 packages: 909942f6df189166b39fb5b6e3781731 glibc-2.9-x86_64-5_slack13.0.txz ee4e1d3994bf63d7aeea7fcc4fd26d12 glibc-i18n-2.9-x86_64-5_slack13.0.txz 6602482f69059373ac0831c669d53acf glibc-profile-2.9-x86_64-5_slack13.0.txz 281ab0a7b97cc848f508c33339932eac glibc-solibs-2.9-x86_64-5_slack13.0.txz df641f4c6bd461b6e0d7f517829081ba glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Slackware 13.1 packages: 6527a72a8454bf4bdb310e02e0da83b1 glibc-2.11.1-i486-5_slack13.1.txz c4a2ebb19582db01f411dc1ff48b5b73 glibc-i18n-2.11.1-i486-5_slack13.1.txz 626a6183a927a5afc71997f40c6385d3 glibc-profile-2.11.1-i486-5_slack13.1.txz 15b9ca16b5f61f819c3da72f9e5e3c99 glibc-solibs-2.11.1-i486-5_slack13.1.txz f118773d1bb266378f80b4cb2c5287b2 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Slackware x86_64 13.1 packages: 037e2ccd9a3696db1203f4067e375cf4 glibc-2.11.1-x86_64-5_slack13.1.txz 13a43ca43e61861a581181f59a6ec62f glibc-i18n-2.11.1-x86_64-5_slack13.1.txz 1898b8bde310da6bbf2147e789e67200 glibc-profile-2.11.1-x86_64-5_slack13.1.txz a0914b17959f521cc6b93218735c8a48 glibc-solibs-2.11.1-x86_64-5_slack13.1.txz 3f5621fbe482cbc287155400c5012f84 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Slackware -current packages: 0ed6d0e2079be5d275455739cdaf0549 a/glibc-solibs-2.12.1-i486-3.txz b23dbc1e4ba31fd6827fd51012da7d6d a/glibc-zoneinfo-2.12.1-noarch-3.txz 3ea2bf3794eec46fc8870699277725b6 l/glibc-2.12.1-i486-3.txz d0afd8e838dbe00ae12b0e04e8f025d2 l/glibc-i18n-2.12.1-i486-3.txz f919fe010cfcb28eb5de849028894d4a l/glibc-profile-2.12.1-i486-3.txz
Slackware x86_64 -current packages: b068c1e12d49d1cf968db8fffdf1f4a4 a/glibc-solibs-2.12.1-x86_64-3.txz 87c200831200e3e626a1a068167041fd a/glibc-zoneinfo-2.12.1-noarch-3.txz 12fe9ab9e109c162e93215a4995478cd l/glibc-2.12.1-x86_64-3.txz bc676d8921404ee9fd520137f60d7d3f l/glibc-i18n-2.12.1-x86_64-3.txz 44bb2cf6ecde7a6bcf49a69ca62254ff l/glibc-profile-2.12.1-x86_64-3.txz
Installation instructions: +------------------------+
Upgrade the packages as root: # upgradepkg glibc-*.t?z
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzKUkYACgkQakRjwEAQIjNjXQCffi+R3vSqymq/bqyhvf6xImKc SWEAnR8eZeWo6OjI6y5UJFb+7twuQhU0 =7rrE -----END PGP SIGNATURE-----
|
|
|
|