[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
(fwd) [slackware-security]: glibc 2.1.3 vulnerabilities patched
[glibc fix for Slackware -- Raju]
This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Approved-By: aleph1@xxxxxxxxxxxxxxxxx
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
Received: from securityfocus.com (mail.securityfocus.com [207.126.127.78]) by
lists.securityfocus.com (Postfix) with SMTP id D232D1EE93 for
<bugtraq@xxxxxxxxxxxxxxxxxxxxxxx>; Wed, 6 Sep 2000 02:55:57 -0700
(PDT)
Received: (qmail 18995 invoked by alias); 6 Sep 2000 09:57:21 -0000
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxx
Received: (qmail 18992 invoked from network); 6 Sep 2000 09:57:20 -0000
Received: from nat211.169.mpoweredpc.net (HELO Lola.2y.net) (142.177.211.169)
by mail.securityfocus.com with SMTP; 6 Sep 2000 09:57:20 -0000
Received: by Lola.2y.net (Postfix, from userid 1000) id E2EBD1FDCD; Wed, 6 Sep
2000 07:03:02 -0300 (ADT)
Received: from localhost (localhost [127.0.0.1]) by Lola.2y.net (Postfix) with
ESMTP id F347A1FDBD for <bugtraq@xxxxxxxxxxxxxxxxx>; Wed, 6 Sep 2000
07:03:01 -0300 (ADT)
Delivered-To: nick@xxxxxxxxxxx
X-Received: from connie.slackware.com (connie.slackware.com [204.216.27.13]) by
Lola.2y.net (Postfix) with SMTP id 660D51FDBD for
<nick@xxxxxxxxxxx>; Wed, 6 Sep 2000 02:06:57 -0300 (ADT)
X-Received: (from daemon@localhost) by connie.slackware.com (8.9.3/8.9.3) id
JAA31169 for slackware-security-outgoing; Tue, 5 Sep 2000 09:13:01
-0700
X-Received: from localhost (security@localhost) by connie.slackware.com
(8.9.3/8.9.3) with ESMTP id JAA31166 for
<slackware-security@xxxxxxxxxxxxx>; Tue, 5 Sep 2000 09:12:59 -0700
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk
Message-ID: <Pine.LNX.4.21.0009060702350.2478@Lola>
Reply-To: Slackware Security Team <security@xxxxxxxxxxxxx>
Comments: Resent-From: "Nick C. Doyle" <nick@xxxxxxxxxxx>
Comments: Originally-From: Slackware Security Team <security@xxxxxxxxxxxxx>
ReSent-Subject: [slackware-security]: glibc 2.1.3 vulnerabilities patched
From: "Nick C. Doyle" <nick@xxxxxxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: [slackware-security]: glibc 2.1.3 vulnerabilities patched
Date: Wed, 6 Sep 2000 07:02:35 -0300
Three locale-related vulnerabilities with glibc 2.1.3 were recently
reported on BugTraq. These vulnerabilities could allow local users to
gain root access.
Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to
the new glibc packages in the -current branch.
=========================================================================
glibc 2.1.3 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz, des1/descrypt.tgz)
=========================================================================
The three locale-related vulnerabilities with glibc-2.1.3 have been
patched using the CVS glibc patches provided by Solar Designer.
PACKAGE INFORMATION:
--------------------
a1/glibcso.tgz:
This package contains the runtime libraries for glibc 2.1.3. All
users of Slackware 7.0 through -current should upgrade this
package.
d1/glibc.tgz:
This is the full glibc 2.1.3 package, complete with headers and
static libraries. If you had previously installed this package,
you need to upgrade it.
des1/descrypt.tgz:
Contains a DES-enabled libcrypt.so library. If you have this
package, you need to upgrade it as well. IMPORTANT: Be sure to
upgrade this package *AFTER* glibcso.tgz and glibc.tgz.
WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/glibcso.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/glibc.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/des1/descrypt.tgz
MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:
1119944158 781102 a1/glibcso.tgz
4150671113 22146158 d1/glibc.tgz
95989487 95843 des1/descrypt.tgz
0fa3614e6cdee92687c78d84e2587b81 a1/glibcso.tgz
7fafee175cf7acee5d90fd416e92d44b d1/glibc.tgz
3493af0bae0aeea840a464bc53d3b63f des1/descrypt.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
The three packages above need to be upgraded in single user mode (runlevel
1). Bring the system into runlevel 1:
# telinit 1
Then upgrade the packages:
# upgradepkg <package name>.tgz
Then bring the system back into multiuser mode:
# telinit 3
Remember, it's also a good idea to backup configuration files before
upgrading packages.
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@xxxxxxxxxxxxx with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
- Slackware Linux Security Team
http://www.slackware.com
------------------------------
End of this Digest
******************