Home page logo
/

bugtraq logo Bugtraq mailing list archives

MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 30 Dec 2004 03:24:38 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           glibc
 Advisory ID:            MDKSA-2004:159
 Date:                   December 29th, 2004

 Affected versions:      10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 The Trustix developers discovered that the catchsegv and glibcbug
 utilities, part of the glibc package, created temporary files in an
 insecure manner.  This could allow for a symlink attack to create or
 overwrite arbitrary files with the privileges of the user invoking the
 program.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d3c0d6fae4d7929830090e8c91466951  10.0/RPMS/glibc-2.3.3-12.8.100mdk.i586.rpm
 478aecbe69470a0466c0b6f685e63282  10.0/RPMS/glibc-debug-2.3.3-12.8.100mdk.i586.rpm
 29313f60b5702b00eb709781f47b2d39  10.0/RPMS/glibc-devel-2.3.3-12.8.100mdk.i586.rpm
 b4e97a220b40a2641bd3285bf2fc990d  10.0/RPMS/glibc-doc-2.3.3-12.8.100mdk.i586.rpm
 b360e6de9b0dc63a7360597b345eb113  10.0/RPMS/glibc-doc-pdf-2.3.3-12.8.100mdk.i586.rpm
 d40de60e1c3021267abe117bf2568b04  10.0/RPMS/glibc-i18ndata-2.3.3-12.8.100mdk.i586.rpm
 21965846712d7db2a19c581a4998dc8c  10.0/RPMS/glibc-profile-2.3.3-12.8.100mdk.i586.rpm
 1df7c34978d7f23e062e2145d75fcd94  10.0/RPMS/glibc-static-devel-2.3.3-12.8.100mdk.i586.rpm
 18cd827de946a15585316e1aedc7f516  10.0/RPMS/glibc-utils-2.3.3-12.8.100mdk.i586.rpm
 5556bc2a07cfb6c7596f8651709e26a3  10.0/RPMS/ldconfig-2.3.3-12.8.100mdk.i586.rpm
 78ada3afab77a2eb0bf69f22e6913a61  10.0/RPMS/nptl-devel-2.3.3-12.8.100mdk.i586.rpm
 33eb2a77406744a96f0b62ac99e6c6b5  10.0/RPMS/nscd-2.3.3-12.8.100mdk.i586.rpm
 e0f8c3de9f84b2a2517e9e436c9d78ad  10.0/RPMS/timezone-2.3.3-12.8.100mdk.i586.rpm
 29e42ae1c249e1e44676356d65e48e8c  10.0/SRPMS/glibc-2.3.3-12.8.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8f497e10e0fdb577a98e836b599b6ba6  amd64/10.0/RPMS/glibc-2.3.3-12.8.100mdk.amd64.rpm
 85f8288b5b457e99d07157160ea57d99  amd64/10.0/RPMS/glibc-debug-2.3.3-12.8.100mdk.amd64.rpm
 24d3105e9a8604c24490d2f798d2d905  amd64/10.0/RPMS/glibc-devel-2.3.3-12.8.100mdk.amd64.rpm
 0ba375ae866a114ac133419b1fcd6977  amd64/10.0/RPMS/glibc-doc-2.3.3-12.8.100mdk.amd64.rpm
 240367c5128ac78428c67a84207892ec  amd64/10.0/RPMS/glibc-doc-pdf-2.3.3-12.8.100mdk.amd64.rpm
 fcdd0f7867c325e4e56282e8ee038cf5  amd64/10.0/RPMS/glibc-i18ndata-2.3.3-12.8.100mdk.amd64.rpm
 335c67618af7d5bc6ee78b535250fa32  amd64/10.0/RPMS/glibc-profile-2.3.3-12.8.100mdk.amd64.rpm
 f513e41b3c9cf834878e82a302031b94  amd64/10.0/RPMS/glibc-static-devel-2.3.3-12.8.100mdk.amd64.rpm
 5ecd5b9c15f28464ef1f0a7a42cb49e2  amd64/10.0/RPMS/glibc-utils-2.3.3-12.8.100mdk.amd64.rpm
 3f55bcf134eb71f267c0894a50cfc8ee  amd64/10.0/RPMS/ldconfig-2.3.3-12.8.100mdk.amd64.rpm
 1f64867fe40119309070d2f9cd33f274  amd64/10.0/RPMS/nptl-devel-2.3.3-12.8.100mdk.amd64.rpm
 1f93d5f94052b52a2b42c3f057b24a45  amd64/10.0/RPMS/nscd-2.3.3-12.8.100mdk.amd64.rpm
 a9f02cf82620c6e74341be95bd74b9b6  amd64/10.0/RPMS/timezone-2.3.3-12.8.100mdk.amd64.rpm
 29e42ae1c249e1e44676356d65e48e8c  amd64/10.0/SRPMS/glibc-2.3.3-12.8.100mdk.src.rpm

 Mandrakelinux 10.1:
 1bfd1552a89e67230d560837e8a52be8  10.1/RPMS/glibc-2.3.3-23.1.101mdk.i586.rpm
 feaefe712886221650ee11c17c2ee60c  10.1/RPMS/glibc-debug-2.3.3-23.1.101mdk.i586.rpm
 363152222d78953d66a1ab907422c362  10.1/RPMS/glibc-devel-2.3.3-23.1.101mdk.i586.rpm
 c396e0fa56bf99514947db942f603a93  10.1/RPMS/glibc-doc-2.3.3-23.1.101mdk.i586.rpm
 0af69cde9a1ee5a9880ab20a4084ec40  10.1/RPMS/glibc-doc-pdf-2.3.3-23.1.101mdk.i586.rpm
 36af3cda588047bdd0438ab99fc5172a  10.1/RPMS/glibc-i18ndata-2.3.3-23.1.101mdk.i586.rpm
 e2221cb00b488d72cf4c61302771a639  10.1/RPMS/glibc-profile-2.3.3-23.1.101mdk.i586.rpm
 c9eeea5047ce49a11299f038cce43cf2  10.1/RPMS/glibc-static-devel-2.3.3-23.1.101mdk.i586.rpm
 62d1c85236fdc348d5bb8ffc763d43ad  10.1/RPMS/glibc-utils-2.3.3-23.1.101mdk.i586.rpm
 db0df09231bf64cb7aa70c771e15599a  10.1/RPMS/ldconfig-2.3.3-23.1.101mdk.i586.rpm
 3aadb015bad4d08bbae72469836f4d05  10.1/RPMS/nptl-devel-2.3.3-23.1.101mdk.i586.rpm
 a5fcb4e74b84d4fc9d645652527e20d5  10.1/RPMS/nscd-2.3.3-23.1.101mdk.i586.rpm
 47d6540793020f021bfc9c0b9f3b2276  10.1/RPMS/timezone-2.3.3-23.1.101mdk.i586.rpm
 0734f25c465b9ebcf39180a6fdf44d53  10.1/SRPMS/glibc-2.3.3-23.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 387ea4a78ad359905011f180d821b258  x86_64/10.1/RPMS/glibc-2.3.3-23.1.101mdk.x86_64.rpm
 622a53d71f3ffdbd80b6adbec1a53d03  x86_64/10.1/RPMS/glibc-debug-2.3.3-23.1.101mdk.x86_64.rpm
 ecbf0ca4f665927cebef470f4b5b0aa2  x86_64/10.1/RPMS/glibc-devel-2.3.3-23.1.101mdk.x86_64.rpm
 bcc5d43efc32b2a3722ab8bac7c086fb  x86_64/10.1/RPMS/glibc-doc-2.3.3-23.1.101mdk.x86_64.rpm
 0650cc94e3ff7d3441e196875924ac9e  x86_64/10.1/RPMS/glibc-doc-pdf-2.3.3-23.1.101mdk.x86_64.rpm
 72b508b5295d72a8b96c3fe78efa6007  x86_64/10.1/RPMS/glibc-i18ndata-2.3.3-23.1.101mdk.x86_64.rpm
 e6a8a85bc80f481cbb9c2c29dd9ae1f6  x86_64/10.1/RPMS/glibc-profile-2.3.3-23.1.101mdk.x86_64.rpm
 545a8840739ae3716f6234868e5de16f  x86_64/10.1/RPMS/glibc-static-devel-2.3.3-23.1.101mdk.x86_64.rpm
 b396d0af7a534763db7359b26c950448  x86_64/10.1/RPMS/glibc-utils-2.3.3-23.1.101mdk.x86_64.rpm
 6fdedd56d68856e638fe1f6dcaea6f17  x86_64/10.1/RPMS/ldconfig-2.3.3-23.1.101mdk.x86_64.rpm
 e2ef0b1a4d2e492328a7d408878c13d7  x86_64/10.1/RPMS/nptl-devel-2.3.3-23.1.101mdk.x86_64.rpm
 37edf16413ba9f036ba5434f31832881  x86_64/10.1/RPMS/nscd-2.3.3-23.1.101mdk.x86_64.rpm
 68b7cdb358e9fbd38eba38dbb9216eed  x86_64/10.1/RPMS/timezone-2.3.3-23.1.101mdk.x86_64.rpm
 0734f25c465b9ebcf39180a6fdf44d53  x86_64/10.1/SRPMS/glibc-2.3.3-23.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB03T2mqjQ0CJFipgRAsGxAJ4w5MrLm/iq1meYV9yMg8sMbCHbrgCguhSR
l+3oHXol5pgiVuE/RyjXBH0=
=gAsH
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability Mandrake Linux Security Team (Dec 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]