Date: Tue, 5 Sep 2000 09:12:59 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security]:  glibc 2.1.3 vulnerabilities patched

Three locale-related vulnerabilities with glibc 2.1.3 were recently
reported on BugTraq.  These vulnerabilities could allow local users to
gain root access.

Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to
the new glibc packages in the -current branch.



========================================================================glibc 2.1.3 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz, des1/descrypt.tgz)
========================================================================
The three locale-related vulnerabilities with glibc-2.1.3 have been
patched using the CVS glibc patches provided by Solar Designer.



PACKAGE INFORMATION:
--------------------
a1/glibcso.tgz:
   This package contains the runtime libraries for glibc 2.1.3.  All
   users of Slackware 7.0 through -current should upgrade this
   package.

d1/glibc.tgz:
   This is the full glibc 2.1.3 package, complete with headers and
   static libraries.  If you had previously installed this package,
   you need to upgrade it.

des1/descrypt.tgz:
   Contains a DES-enabled libcrypt.so library.  If you have this
   package, you need to upgrade it as well.  IMPORTANT:  Be sure to
   upgrade this package *AFTER* glibcso.tgz and glibc.tgz.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:
 
  
  
 


MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

   1119944158 781102 a1/glibcso.tgz
   4150671113 22146158 d1/glibc.tgz
   95989487 95843 des1/descrypt.tgz

   0fa3614e6cdee92687c78d84e2587b81  a1/glibcso.tgz
   7fafee175cf7acee5d90fd416e92d44b  d1/glibc.tgz
   3493af0bae0aeea840a464bc53d3b63f  des1/descrypt.tgz


INSTALLATION INSTRUCTIONS:
--------------------------
The three packages above need to be upgraded in single user mode (runlevel
1).  Bring the system into runlevel 1:

   # telinit 1

Then upgrade the packages:

   # upgradepkg .tgz

Then bring the system back into multiuser mode:

   # telinit 3



Remember, it's also a good idea to backup configuration files before
upgrading packages.


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: glibc vulnerabilities

September 5, 2000
Three locale-related vulnerabilities with glibc 2.1.3 were recentlyreported on BugTraq

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Tue, 5 Sep 2000 09:12:59 -0700 (PDT) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security]: glibc 2.1.3 vulnerabilities patched
Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access.
Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new glibc packages in the -current branch.
========================================================================glibc 2.1.3 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz, des1/descrypt.tgz) ======================================================================== The three locale-related vulnerabilities with glibc-2.1.3 have been patched using the CVS glibc patches provided by Solar Designer.
PACKAGE INFORMATION: -------------------- a1/glibcso.tgz: This package contains the runtime libraries for glibc 2.1.3. All users of Slackware 7.0 through -current should upgrade this package.
d1/glibc.tgz: This is the full glibc 2.1.3 package, complete with headers and static libraries. If you had previously installed this package, you need to upgrade it.
des1/descrypt.tgz: Contains a DES-enabled libcrypt.so library. If you have this package, you need to upgrade it as well. IMPORTANT: Be sure to upgrade this package *AFTER* glibcso.tgz and glibc.tgz.
WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch:
MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages:
1119944158 781102 a1/glibcso.tgz 4150671113 22146158 d1/glibc.tgz 95989487 95843 des1/descrypt.tgz
0fa3614e6cdee92687c78d84e2587b81 a1/glibcso.tgz 7fafee175cf7acee5d90fd416e92d44b d1/glibc.tgz 3493af0bae0aeea840a464bc53d3b63f des1/descrypt.tgz
INSTALLATION INSTRUCTIONS: -------------------------- The three packages above need to be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1:
# telinit 1
Then upgrade the packages:
# upgradepkg .tgz
Then bring the system back into multiuser mode:
# telinit 3
Remember, it's also a good idea to backup configuration files before upgrading packages.
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! |
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved