Author: JT Smith
Trustix: “There is a problem in the glob(3) function of the Glibc library which
allows for exploitation of programs that pass user supplied input
directly to it.”
allows for exploitation of programs that pass user supplied input
directly to it.”
From: Trustix Secure Linux Advisor <tsl@trustix.com> To: tsl-announce@trustix.org Subject: TSLSA-2001-0029 - glibc Date: Thu, 20 Dec 2001 15:19:48 +0100 Cc: bugtraq@securityfocus.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2001-0029 Package name: glibc Severity: Buffer overflow Date: 2001-12-19 Affected versions: TSL 1.01, 1.1, 1.2, 1.5 - -------------------------------------------------------------------------- Problem description: There is a problem in the glob(3) function of the Glibc library which allows for exploitation of programs that pass user supplied input directly to it. Action: We recommend that all systems with this package installed are upgraded. Location: All TSL updates are available from <URI:http://www.trustix.net/pub/Trustix/updates/> <URI:ftp://ftp.trustix.net/pub/Trustix/updates/> Automatic updates: Users of the SWUP tool, can enjoy having updates automatically installed using 'swup --upgrade'. Get SWUP from: <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/> Questions? Check out our mailing lists: <URI:http://www.trustix.net/support/> Verification: This advisory along with all TSL packages are signed with the TSL sign key. This key available from: <URI:http://www.trustix.net/TSL-GPG-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.net/errata/trustix-1.2/> and <URI:http://www.trustix.net/errata/trustix-1.5/> or directly at <URI:http://www.trustix.net/errata/misc/2001/TSL-2001-0029-glibc.asc.txt> MD5sums of the packages: - -------------------------------------------------------------------------- b09da93d8c0aaa3ea05f96eac0670f4b ./1.5/SRPMS/glibc-2.1.3-16tr.src.rpm 066333d08effaf470bd34d7eed678bc0 ./1.5/RPMS/glibc-profile-2.1.3-16tr.i586.rpm 9978d2532b03f429b7d60608d7998416 ./1.5/RPMS/glibc-devel-2.1.3-16tr.i586.rpm 24bfe2e19232744126c321534a120aa5 ./1.5/RPMS/glibc-2.1.3-16tr.i586.rpm b09da93d8c0aaa3ea05f96eac0670f4b ./1.2/SRPMS/glibc-2.1.3-16tr.src.rpm e1b3655cb6f93f5c9e20a233f3872a1e ./1.2/RPMS/glibc-profile-2.1.3-16tr.i586.rpm 91ab7db274ed981e88c75f76debb8a97 ./1.2/RPMS/glibc-devel-2.1.3-16tr.i586.rpm 152ebaee28c79a11205e80f2dd7335cd ./1.2/RPMS/glibc-2.1.3-16tr.i586.rpm b09da93d8c0aaa3ea05f96eac0670f4b ./1.1/SRPMS/glibc-2.1.3-16tr.src.rpm 185918341e54d62746496b46abfc87b2 ./1.1/RPMS/glibc-profile-2.1.3-16tr.i586.rpm 4e4c5f29e794e040eb55ad04c20d7d63 ./1.1/RPMS/glibc-devel-2.1.3-16tr.i586.rpm 9f3bddc70339a87f5f47bf8ac04ef253 ./1.1/RPMS/glibc-2.1.3-16tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8Ic5mwRTcg4BxxS0RAlWGAJ9Y112a6pZ0YvU/AHhqAlh1nEsXDACcD54F 6BHXczlxMw8CnBbUYDyHW94= =8XYh -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@trustix.org http://www.trustix.org/mailman/listinfo.cgi/tsl-announce
Category:
- Linux