Fedora Core 1 Update: glibc-2.3.2-101.1
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-002
2003-11-14
---------------------------------------------------------------------
Name : glibc
Version : 2.3.2
Release : 101.1
Summary : The GNU libc libraries.
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
---------------------------------------------------------------------
Update Information:
Herbert Xu reported that various applications can accept spoofed messages
sent on the kernel netlink interface by other users on the local machine.
This could lead to a local denial of service attack. The glibc function
getifaddrs uses netlink and could therefore be vulnerable to this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0859 to this issue.
In addition, this update fixes a couple of bugs.
---------------------------------------------------------------------
* Tue Nov 11 2003 Jakub Jelinek 2.3.2-101.1
- fix getifaddrs (CAN-2003-0859)
- fix ftw fd leak
- fix linuxthreads sigaction (#108634)
- fix glibc 2.0 stdio compatibility
- fix uselocale (LC_GLOBAL_LOCALE)
- speed up stdio locking in non-threaded programs on IA-32
- try to maintain correct order of cleanups between those
  registered with __attribute__((cleanup))
  and with LinuxThreads style pthread_cleanup_push/pop (#108631)
- fix segfault in regex (#109606)
- fix RE_ICASE multi-byte handling in regex
- fix pthread_exit in libpthread.a (#109790)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
SRPMS/glibc-2.3.2-101.1.src.rpm
md5 sum: 9df41ce202870dc17b6baf88d6d9af37
i386/glibc-2.3.2-101.1.i386.rpm
md5 sum: 060025765c9101cc9b4e519e1f6c574c
i386/glibc-devel-2.3.2-101.1.i386.rpm
md5 sum: eebb5fd9ae6777f680def3e9a2c69234
i386/glibc-headers-2.3.2-101.1.i386.rpm
md5 sum: e16555792688c626bfa6ba424fdde74e
i386/glibc-profile-2.3.2-101.1.i386.rpm
md5 sum: b35f187d1351abd5620d3bb39485f2bb
i386/glibc-common-2.3.2-101.1.i386.rpm
md5 sum: 7ad613990dec154759e167a3d3cc0388
i386/nscd-2.3.2-101.1.i386.rpm
md5 sum: c763c419a5d5f105d25fa4894e5675ea
i386/glibc-debug-2.3.2-101.1.i386.rpm
md5 sum: a3c9d76db0ea56e5afd54579778a24c0
i386/glibc-utils-2.3.2-101.1.i386.rpm
md5 sum: a25f098aebfff7645601ce7911193451
i386/debug/glibc-debuginfo-2.3.2-101.1.i386.rpm
md5 sum: 0d4346efb75dc1cf9f08f72e6f9c1d49
i386/debug/glibc-debuginfo-common-2.3.2-101.1.i386.rpm
md5 sum: 5c16a9664f0b48424f14d18ff5c7cdee
i386/glibc-2.3.2-101.1.i686.rpm
md5 sum: fb409ca8582b56c22e0bf49ad2a39a2e
i386/nptl-devel-2.3.2-101.1.i686.rpm
md5 sum: d8d5843684949587b6532b3b4019215c
i386/debug/glibc-debuginfo-2.3.2-101.1.i686.rpm
md5 sum: d43e819c7cd15dc13b76057799746201
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
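The update information above describes applications accepting netlink messages spoofed by other local users. The following C code is an added example, not part of the advisory and not the glibc patch: it shows the receiver-side check commonly used against this class of issue, accepting a datagram only when its source address carries nl_pid 0 (the kernel) and counting only messages that match the request's sequence number and port ID. The `demo` helper, port ID 1000, sequence 7 and sender 4242 are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Count the messages in one received datagram that answer our request.
 * src/srclen are the source address filled in by recvmsg()/recvfrom().
 * Returns -1 when the sender is not the kernel: drop the whole datagram. */
static int count_replies(const struct sockaddr_nl *src, socklen_t srclen,
                         void *buf, int len, uint32_t seq, uint32_t our_pid)
{
    struct nlmsghdr *nh;
    int n = 0;

    /* The kernel always sends from netlink port 0; any other nl_pid is
     * another local process talking to our socket. */
    if (srclen != sizeof(*src) || src->nl_family != AF_NETLINK
        || src->nl_pid != 0)
        return -1;
    /* Walk the datagram with bounds checks, skipping unrelated messages. */
    for (nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len))
        if (nh->nlmsg_seq == seq && nh->nlmsg_pid == our_pid)
            n++;
    return n;
}

/* Constructed input: two header-only RTM_NEWLINK messages "received" from
 * netlink port sender_pid, carrying sequence number reply_seq. */
static int demo(uint32_t sender_pid, uint32_t reply_seq)
{
    const uint32_t our_pid = 1000, our_seq = 7;   /* hypothetical values */
    struct nlmsghdr dgram[2];
    struct sockaddr_nl src;
    int i;

    memset(dgram, 0, sizeof dgram);
    memset(&src, 0, sizeof src);
    for (i = 0; i < 2; i++) {
        dgram[i].nlmsg_len = NLMSG_HDRLEN;
        dgram[i].nlmsg_type = RTM_NEWLINK;
        dgram[i].nlmsg_seq = reply_seq;
        dgram[i].nlmsg_pid = our_pid;
    }
    src.nl_family = AF_NETLINK;
    src.nl_pid = sender_pid;
    return count_replies(&src, sizeof src, dgram, (int)sizeof dgram,
                         our_seq, our_pid);
}

int main(void)
{
    printf("%d %d %d\n", demo(0, 7), demo(4242, 7), demo(0, 8));
    return 0;
}
```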