- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Low: glibc security update
Advisory ID:       RHSA-2005:261-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:261.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
Keywords:          glibc LD_DEBUG catchsegv glibcbug
CVE Names:         CAN-2004-0968 CAN-2004-1382 CAN-2004-1453
- ---------------------------------------------------------------------1. Summary:

Updated glibc packages that address several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

Flaws in the catchsegv and glibcbug scripts were discovered. A local user
could utilize these flaws to overwrite files via a symlink attack on
temporary files.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0968 and CAN-2004-1382 to
these issues.

It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV were not
restricted for a setuid program.  A local user could utilize this flaw to
gain information, such as the list of symbols used by the program.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name  CAN-2004-1453 to this issue.

This erratum also addresses the following bugs in the GNU C Library:
- - Now avoids calling sigaction (SIGPIPE, ...) in syslog implementation
- - Fixed poll on Itanium
- - Now allows setenv/putenv in shared library constructors

Users of glibc are advised to upgrade to these erratum packages that remove
the unecessary glibcbug script and contain backported patches to correct
these other issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

140068 - [RHAS2.1] CAN-2004-0968 temporary file vulnerabilities in catchsegv script
140487 - [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel
148814 - CAN-2004-1453 Information leak with LD_DEBUG
148800 - CAN-2004-1382 insecure temporary file usage

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
86c397f7614278f57b9b814d6adedace  glibc-2.2.4-32.20.src.rpm

i386:
5b601e85eba293c52d9fe15d8e766a12  glibc-2.2.4-32.20.i386.rpm
e1c21533e3d86da39390e93d4b93060e  glibc-2.2.4-32.20.i686.rpm
b7eda3e6a3b7f24813415c692bde5cff  glibc-common-2.2.4-32.20.i386.rpm
0b39ef1f661609a0346675b1877a6288  glibc-devel-2.2.4-32.20.i386.rpm
88ed7d4adfcf4627478367a253a65989  glibc-profile-2.2.4-32.20.i386.rpm
b3d6d4389676fc0652277f490d47dfec  nscd-2.2.4-32.20.i386.rpm

ia64:
158103afa78aec998e3db120d245cd37  glibc-2.2.4-32.20.ia64.rpm
321c25cf3605db040fef49a79c443618  glibc-common-2.2.4-32.20.ia64.rpm
a5eb76dc9b8dbcf8cfd6938d1a957977  glibc-devel-2.2.4-32.20.ia64.rpm
b24148c15938f32f7a5f7df0773eb092  glibc-profile-2.2.4-32.20.ia64.rpm
925478d53517e5cd62762f608b4e26f8  nscd-2.2.4-32.20.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
86c397f7614278f57b9b814d6adedace  glibc-2.2.4-32.20.src.rpm

ia64:
158103afa78aec998e3db120d245cd37  glibc-2.2.4-32.20.ia64.rpm
321c25cf3605db040fef49a79c443618  glibc-common-2.2.4-32.20.ia64.rpm
a5eb76dc9b8dbcf8cfd6938d1a957977  glibc-devel-2.2.4-32.20.ia64.rpm
b24148c15938f32f7a5f7df0773eb092  glibc-profile-2.2.4-32.20.ia64.rpm
925478d53517e5cd62762f608b4e26f8  nscd-2.2.4-32.20.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
86c397f7614278f57b9b814d6adedace  glibc-2.2.4-32.20.src.rpm

i386:
5b601e85eba293c52d9fe15d8e766a12  glibc-2.2.4-32.20.i386.rpm
e1c21533e3d86da39390e93d4b93060e  glibc-2.2.4-32.20.i686.rpm
b7eda3e6a3b7f24813415c692bde5cff  glibc-common-2.2.4-32.20.i386.rpm
0b39ef1f661609a0346675b1877a6288  glibc-devel-2.2.4-32.20.i386.rpm
88ed7d4adfcf4627478367a253a65989  glibc-profile-2.2.4-32.20.i386.rpm
b3d6d4389676fc0652277f490d47dfec  nscd-2.2.4-32.20.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
86c397f7614278f57b9b814d6adedace  glibc-2.2.4-32.20.src.rpm

i386:
5b601e85eba293c52d9fe15d8e766a12  glibc-2.2.4-32.20.i386.rpm
e1c21533e3d86da39390e93d4b93060e  glibc-2.2.4-32.20.i686.rpm
b7eda3e6a3b7f24813415c692bde5cff  glibc-common-2.2.4-32.20.i386.rpm
0b39ef1f661609a0346675b1877a6288  glibc-devel-2.2.4-32.20.i386.rpm
88ed7d4adfcf4627478367a253a65989  glibc-profile-2.2.4-32.20.i386.rpm
b3d6d4389676fc0652277f490d47dfec  nscd-2.2.4-32.20.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1453

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Low: glibc security update RHSA-2005:261-01

Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

Summary



Summary

The GNU libc packages (known as glibc) contain the standard C libraries used by applications. Flaws in the catchsegv and glibcbug scripts were discovered. A local user could utilize these flaws to overwrite files via a symlink attack on temporary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0968 and CAN-2004-1382 to these issues. It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV were not restricted for a setuid program. A local user could utilize this flaw to gain information, such as the list of symbols used by the program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1453 to this issue. This erratum also addresses the following bugs in the GNU C Library: - - Now avoids calling sigaction (SIGPIPE, ...) in syslog implementation - - Fixed poll on Itanium - - Now allows setenv/putenv in shared library constructors Users of glibc are advised to upgrade to these erratum packages that remove the unecessary glibcbug script and contain backported patches to correct these other issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
140068 - [RHAS2.1] CAN-2004-0968 temporary file vulnerabilities in catchsegv script 140487 - [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel 148814 - CAN-2004-1453 Information leak with LD_DEBUG 148800 - CAN-2004-1382 insecure temporary file usage
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: 86c397f7614278f57b9b814d6adedace glibc-2.2.4-32.20.src.rpm
i386: 5b601e85eba293c52d9fe15d8e766a12 glibc-2.2.4-32.20.i386.rpm e1c21533e3d86da39390e93d4b93060e glibc-2.2.4-32.20.i686.rpm b7eda3e6a3b7f24813415c692bde5cff glibc-common-2.2.4-32.20.i386.rpm 0b39ef1f661609a0346675b1877a6288 glibc-devel-2.2.4-32.20.i386.rpm 88ed7d4adfcf4627478367a253a65989 glibc-profile-2.2.4-32.20.i386.rpm b3d6d4389676fc0652277f490d47dfec nscd-2.2.4-32.20.i386.rpm
ia64: 158103afa78aec998e3db120d245cd37 glibc-2.2.4-32.20.ia64.rpm 321c25cf3605db040fef49a79c443618 glibc-common-2.2.4-32.20.ia64.rpm a5eb76dc9b8dbcf8cfd6938d1a957977 glibc-devel-2.2.4-32.20.ia64.rpm b24148c15938f32f7a5f7df0773eb092 glibc-profile-2.2.4-32.20.ia64.rpm 925478d53517e5cd62762f608b4e26f8 nscd-2.2.4-32.20.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: 86c397f7614278f57b9b814d6adedace glibc-2.2.4-32.20.src.rpm
ia64: 158103afa78aec998e3db120d245cd37 glibc-2.2.4-32.20.ia64.rpm 321c25cf3605db040fef49a79c443618 glibc-common-2.2.4-32.20.ia64.rpm a5eb76dc9b8dbcf8cfd6938d1a957977 glibc-devel-2.2.4-32.20.ia64.rpm b24148c15938f32f7a5f7df0773eb092 glibc-profile-2.2.4-32.20.ia64.rpm 925478d53517e5cd62762f608b4e26f8 nscd-2.2.4-32.20.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: 86c397f7614278f57b9b814d6adedace glibc-2.2.4-32.20.src.rpm
i386: 5b601e85eba293c52d9fe15d8e766a12 glibc-2.2.4-32.20.i386.rpm e1c21533e3d86da39390e93d4b93060e glibc-2.2.4-32.20.i686.rpm b7eda3e6a3b7f24813415c692bde5cff glibc-common-2.2.4-32.20.i386.rpm 0b39ef1f661609a0346675b1877a6288 glibc-devel-2.2.4-32.20.i386.rpm 88ed7d4adfcf4627478367a253a65989 glibc-profile-2.2.4-32.20.i386.rpm b3d6d4389676fc0652277f490d47dfec nscd-2.2.4-32.20.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: 86c397f7614278f57b9b814d6adedace glibc-2.2.4-32.20.src.rpm
i386: 5b601e85eba293c52d9fe15d8e766a12 glibc-2.2.4-32.20.i386.rpm e1c21533e3d86da39390e93d4b93060e glibc-2.2.4-32.20.i686.rpm b7eda3e6a3b7f24813415c692bde5cff glibc-common-2.2.4-32.20.i386.rpm 0b39ef1f661609a0346675b1877a6288 glibc-devel-2.2.4-32.20.i386.rpm 88ed7d4adfcf4627478367a253a65989 glibc-profile-2.2.4-32.20.i386.rpm b3d6d4389676fc0652277f490d47dfec nscd-2.2.4-32.20.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1453

Package List


Severity
Advisory ID: RHSA-2005:261-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:261.html
Issued Date: : 2005-04-28
Updated on: 2005-04-28
Product: Red Hat Enterprise Linux
Keywords: glibc LD_DEBUG catchsegv glibcbug
CVE Names: CAN-2004-0968 CAN-2004-1382 CAN-2004-1453 Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386


Bugs Fixed


Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved