Slackware alert: glibc 2.1.3 vulnerabilities patched

Posted by dave on Sep 5, 2000 8:12 AM EDT
Mailing list
Mail this story
Print this story

Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access.

Three locale-related vulnerabilities with glibc 2.1.3 were recently
reported on BugTraq.  These vulnerabilities could allow local users to
gain root access.

Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new glibc packages in the -current branch.



========================================================================= glibc 2.1.3 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz, des1/descrypt.tgz) =========================================================================

The three locale-related vulnerabilities with glibc-2.1.3 have been patched using the CVS glibc patches provided by Solar Designer.



PACKAGE INFORMATION: -------------------- a1/glibcso.tgz: This package contains the runtime libraries for glibc 2.1.3. All users of Slackware 7.0 through -current should upgrade this package.

d1/glibc.tgz: This is the full glibc 2.1.3 package, complete with headers and static libraries. If you had previously installed this package, you need to upgrade it.

des1/descrypt.tgz: Contains a DES-enabled libcrypt.so library. If you have this package, you need to upgrade it as well. IMPORTANT: Be sure to upgrade this package *AFTER* glibcso.tgz and glibc.tgz.

WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/glibcso.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/glibc.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/des1/descrypt.tgz

MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages:

1119944158 781102 a1/glibcso.tgz 4150671113 22146158 d1/glibc.tgz 95989487 95843 des1/descrypt.tgz

0fa3614e6cdee92687c78d84e2587b81 a1/glibcso.tgz 7fafee175cf7acee5d90fd416e92d44b d1/glibc.tgz 3493af0bae0aeea840a464bc53d3b63f des1/descrypt.tgz

INSTALLATION INSTRUCTIONS: -------------------------- The three packages above need to be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1:

# telinit 1

Then upgrade the packages:

# upgradepkg <package name>.tgz

Then bring the system back into multiuser mode:

# telinit 3



Remember, it's also a good idea to backup configuration files before upgrading packages.

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

- Slackware Linux Security Team http://www.slackware.com

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.