Fedora Core 1 Update: glibc-2.3.2-101.1

Posted by dave on Nov 14, 2003 8:40 AM EDT
Mailing list


---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-002
2003-11-14
---------------------------------------------------------------------

Name        : glibc
Version     : 2.3.2
Release     : 101.1
Summary     : The GNU libc libraries.
Description :
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

---------------------------------------------------------------------
Update Information:

Herbert Xu reported that various applications can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The glibc function getifaddrs uses netlink and could therefore be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0859 to this issue.
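The check a netlink consumer needs against this class of spoofing, as an added example (not code from glibc or from this advisory; the function names are hypothetical): messages that come from the kernel carry source port id 0, so a reply is accepted only if its sender address says so and its header answers the caller's own request.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* Kernel-originated netlink datagrams have source nl_pid 0; a datagram
   sent to our socket by another local process has a non-zero nl_pid. */
int nl_sender_is_kernel(const struct sockaddr_nl *src, socklen_t len)
{
    return len == sizeof(*src)
        && src->nl_family == AF_NETLINK
        && src->nl_pid == 0;
}

/* A reply must also answer our request: a complete header, the sequence
   number we sent, and our own port id as the destination. */
int nl_reply_matches(const struct nlmsghdr *h, size_t avail,
                     __u32 seq, __u32 self_pid)
{
    return avail >= sizeof(*h)
        && h->nlmsg_len >= sizeof(*h) && h->nlmsg_len <= avail
        && h->nlmsg_seq == seq && h->nlmsg_pid == self_pid;
}

/* Receive one datagram. Returns its length, 0 if it was dropped as
   truncated or not sent by the kernel, -1 on a receive error. */
ssize_t nl_recv_from_kernel(int fd, void *buf, size_t len)
{
    struct sockaddr_nl src;
    struct iovec iov = { buf, len };
    struct msghdr msg;
    ssize_t n;

    memset(&src, 0, sizeof src);
    memset(&msg, 0, sizeof msg);
    msg.msg_name = &src;            /* ask the kernel for the sender address */
    msg.msg_namelen = sizeof src;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    do {
        n = recvmsg(fd, &msg, 0);
    } while (n < 0 && errno == EINTR);
    if (n < 0)
        return -1;
    if ((msg.msg_flags & MSG_TRUNC) || !nl_sender_is_kernel(&src, msg.msg_namelen))
        return 0;                   /* spoofed or incomplete: ignore it */
    return n;
}
```

A caller loops on nl_recv_from_kernel() until it returns a positive length, then walks the buffer and keeps only headers for which nl_reply_matches() is true.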

In addition to this, this update fixes a couple of bugs.

---------------------------------------------------------------------
* Tue Nov 11 2003 Jakub Jelinek 2.3.2-101.1

- fix getifaddrs (CAN-2003-0859)
- fix ftw fd leak
- fix linuxthreads sigaction (#108634)
- fix glibc 2.0 stdio compatibility
- fix uselocale (LC_GLOBAL_LOCALE)
- speed up stdio locking in non-threaded programs on IA-32
- try to maintain correct order of cleanups between those registered with __attribute__((cleanup)) and with LinuxThreads style pthread_cleanup_push/pop (#108631)
- fix segfault in regex (#109606)
- fix RE_ICASE multi-byte handling in regex
- fix pthread_exit in libpthread.a (#109790)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


