Home page logo
/

bugtraq logo Bugtraq mailing list archives

[slackware-security]: glibc 2.1.3 vulnerabilities patched
From: "Nick C. Doyle" <nick () LOLA 2Y NET>
Date: Wed, 6 Sep 2000 07:02:35 -0300

Three locale-related vulnerabilities with glibc 2.1.3 were recently
reported on BugTraq.  These vulnerabilities could allow local users to
gain root access.

Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to
the new glibc packages in the -current branch.



=========================================================================
glibc 2.1.3 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz, des1/descrypt.tgz)
=========================================================================

The three locale-related vulnerabilities with glibc-2.1.3 have been
patched using the CVS glibc patches provided by Solar Designer.



PACKAGE INFORMATION:
--------------------
a1/glibcso.tgz:
   This package contains the runtime libraries for glibc 2.1.3.  All
   users of Slackware 7.0 through -current should upgrade this
   package.

d1/glibc.tgz:
   This is the full glibc 2.1.3 package, complete with headers and
   static libraries.  If you had previously installed this package,
   you need to upgrade it.

des1/descrypt.tgz:
   Contains a DES-enabled libcrypt.so library.  If you have this
   package, you need to upgrade it as well.  IMPORTANT:  Be sure to
   upgrade this package *AFTER* glibcso.tgz and glibc.tgz.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/glibcso.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/glibc.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/des1/descrypt.tgz


MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

   1119944158 781102 a1/glibcso.tgz
   4150671113 22146158 d1/glibc.tgz
   95989487 95843 des1/descrypt.tgz

   0fa3614e6cdee92687c78d84e2587b81  a1/glibcso.tgz
   7fafee175cf7acee5d90fd416e92d44b  d1/glibc.tgz
   3493af0bae0aeea840a464bc53d3b63f  des1/descrypt.tgz


INSTALLATION INSTRUCTIONS:
--------------------------
The three packages above need to be upgraded in single user mode (runlevel
1).  Bring the system into runlevel 1:

   # telinit 1

Then upgrade the packages:

   # upgradepkg <package name>.tgz

Then bring the system back into multiuser mode:

   # telinit 3



Remember, it's also a good idea to backup configuration files before
upgrading packages.


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo () slackware com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


- Slackware Linux Security Team
  http://www.slackware.com


  By Date           By Thread  

Current thread:
  • [slackware-security]: glibc 2.1.3 vulnerabilities patched Nick C. Doyle (Sep 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault