glibc-2.2 contains a local vulnerability that affects all setuid root
binaries.  Any user on affected systems will be able to read any file on
the system through a simple process:  The user sets the RESOLV_HOST_CONF
environment variable to the name of the file that they wish to read, then
runs any setuid root program that makes use of that variable.  The file is
then written to stderr.

The original BugTraq announcement can be read at the following URL:

    

Users of Slackware -current are strongly urged to upgrade to the new
glibc packages in the -current branch.

========================================================================glibc 2.2 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz)
========================================================================
PACKAGE INFORMATION:
--------------------
a1/glibcso.tgz:
   This package contains the runtime libraries for glibc 2.2  All users   of Slackware -current should upgrade this package.

d1/glibc.tgz:
   This is the full glibc 2.2 package, complete with headers and static
   libraries.  If you had previously installed this package, you need
   to upgrade it.

WHERE TO FIND THE NEW PACKAGES:
-------------------------------
All new packages can be found in the -current branch:
 
  
 

MD5 SIGNATURES AND CHECKSUMS:
-----------------------------
Here are the md5sums and checksums for the packages:

   16-bit "sum" checksum:
   39060  1054   a1/glibcso.tgz
   61562 26779   d1/glibc.tgz

   128-bit MD5 message digest:
   6ea2e3fecf1a1a970f1e37b7be7c12aa  a1/glibcso.tgz
   4f1e8ef903f1d0dd675aaf0cc3926177  d1/glibc.tgz

INSTALLATION INSTRUCTIONS:
--------------------------
It is recommended that the two packages above be upgraded in single user
mode (runlevel 1).  Bring the system into runlevel 1:

   # telinit 1

Then upgrade the packages:

   # upgradepkg .tgz

Then bring the system back into multiuser mode:

   # telinit 3


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'glibc' vulnerability

January 11, 2001
glibc-2.2 contains a local vulnerability that affects all setuid rootbinaries.

Summary

Where Find New Packages

MD5 Signatures

Severity
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr.
The original BugTraq announcement can be read at the following URL:
Users of Slackware -current are strongly urged to upgrade to the new glibc packages in the -current branch.
========================================================================glibc 2.2 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz) ======================================================================== PACKAGE INFORMATION: -------------------- a1/glibcso.tgz: This package contains the runtime libraries for glibc 2.2 All users of Slackware -current should upgrade this package.
d1/glibc.tgz: This is the full glibc 2.2 package, complete with headers and static libraries. If you had previously installed this package, you need to upgrade it.
WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch:
MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages:
16-bit "sum" checksum: 39060 1054 a1/glibcso.tgz 61562 26779 d1/glibc.tgz
128-bit MD5 message digest: 6ea2e3fecf1a1a970f1e37b7be7c12aa a1/glibcso.tgz 4f1e8ef903f1d0dd675aaf0cc3926177 d1/glibc.tgz
INSTALLATION INSTRUCTIONS: -------------------------- It is recommended that the two packages above be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1:
# telinit 1
Then upgrade the packages:
# upgradepkg .tgz
Then bring the system back into multiuser mode:
# telinit 3
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved