LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2010-295-01: glibc: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. [More Info...]
[slackware-security]  glibc (SSA:2010-295-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
  Patched "dynamic linker expands $ORIGIN in setuid library search path".
  This security issue allows a local attacker to gain root if they can create
  a hard link to a setuid root binary.  Thanks to Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
    http://seclists.org/fulldisclosure/2010/Oct/257
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 12.0 packages:
fe218536818e92a129c1bc54c939746d  glibc-2.5-i486-5_slack12.0.tgz
44a61910ef911b8577d8ffe6db25a4d0  glibc-i18n-2.5-noarch-5_slack12.0.tgz
646f591a5a7f276d26d1731dff195417  glibc-profile-2.5-i486-5_slack12.0.tgz
a230abf524edc643ce004c1ff64f512b  glibc-solibs-2.5-i486-5_slack12.0.tgz
e6de7535e8271d0db267263915a70e22  glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Slackware 12.1 packages:
c0fdd589622cdb60381c2f28f2bfff1a  glibc-2.7-i486-11_slack12.1.tgz
7ce224522417c2aeaa131f915a09e479  glibc-i18n-2.7-noarch-11_slack12.1.tgz
f4a4ad055eb2aa1ecb984917d868b242  glibc-profile-2.7-i486-11_slack12.1.tgz
2cc062234dc826841222e80ce1b4ce06  glibc-solibs-2.7-i486-11_slack12.1.tgz
9a2f1fdf3185bc9ce2e641b6c94bf33b  glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Slackware 12.2 packages:
63d1f63892d856a1f809cc8d4b794453  glibc-2.7-i486-18_slack12.2.tgz
f0de3e78497498323f089ddb56ba5f51  glibc-i18n-2.7-noarch-18_slack12.2.tgz
e30bd13da86ef3c127dedb7a31a490fd  glibc-profile-2.7-i486-18_slack12.2.tgz
26c50351c530bc569ed2664aa8ea1ab0  glibc-solibs-2.7-i486-18_slack12.2.tgz
077fcc888ee6ebcfc00018043754d199  glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Slackware 13.0 packages:
1b8f954339e7f33b2149193964b83070  glibc-2.9-i486-4_slack13.0.txz
abd450ab5ef57d775561e2a9fc9cc83a  glibc-i18n-2.9-i486-4_slack13.0.txz
82fb6947e1a6cfa49ba633cb85da1970  glibc-profile-2.9-i486-4_slack13.0.txz
dfe9770d051633ba612622651b872912  glibc-solibs-2.9-i486-4_slack13.0.txz
997fc370ffb9c47542371854b77d20f1  glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware x86_64 13.0 packages:
da45460ae0ca09a4ead864e4ec536699  glibc-2.9-x86_64-4_slack13.0.txz
872227d8d5615881c72fd40ee8df685c  glibc-i18n-2.9-x86_64-4_slack13.0.txz
b3862eb5479a8c8a807395267fdf80b0  glibc-profile-2.9-x86_64-4_slack13.0.txz
12bd96ae14d54e30bdb3ef6f7cc233cf  glibc-solibs-2.9-x86_64-4_slack13.0.txz
3c77b4da325e30d1a5b33dd08e8778ff  glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware 13.1 packages:
a54af004a11c4dd22aac80a1987a2eb6  glibc-2.11.1-i486-4_slack13.1.txz
0d5b3848b6ca455e40acaeb5f96e171e  glibc-i18n-2.11.1-i486-4_slack13.1.txz
e139fea062d772e1777e74c657101f82  glibc-profile-2.11.1-i486-4_slack13.1.txz
5587f6b82dc3e2f8e7644500c98587ec  glibc-solibs-2.11.1-i486-4_slack13.1.txz
eac27b0a86c8d214356f4c129d9a7272  glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware x86_64 13.1 packages:
304f9204bef835b10840b71fcaad4354  glibc-2.11.1-x86_64-4_slack13.1.txz
bca59e40ffcf3069c70eb15947eb04e9  glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
03f09bf10f5a61285b5bfdf9e2009137  glibc-profile-2.11.1-x86_64-4_slack13.1.txz
27bb1cac7066a76dab2f04a2fcb3a14c  glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
236372130178abc826e09eaa12dd7db5  glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware -current packages:
39b8c96ef2161c86cd13ee8fd240bf97  a/glibc-solibs-2.12.1-i486-2.txz
f26f8165f418b0d8120ee3d44c0dbd14  a/glibc-zoneinfo-2.12.1-noarch-2.txz
d7ef55b89b6c5d350d81e377317a6610  l/glibc-2.12.1-i486-2.txz
bcf549bf173537bef56e823216a2eb59  l/glibc-i18n-2.12.1-i486-2.txz
77da2dd0aa8504b8446638282bfd39a6  l/glibc-profile-2.12.1-i486-2.txz

Slackware x86_64 -current packages:
046aa5bccd77f9b7ab8be35a609d20b5  a/glibc-solibs-2.12.1-x86_64-2.txz
07c3df0db68615c529b90a31ba9125eb  a/glibc-zoneinfo-2.12.1-noarch-2.txz
60049dd502b2ad4d1ffd9f0e4c5790cf  l/glibc-2.12.1-x86_64-2.txz
2ff8df667920817e2654f6af3f3787fa  l/glibc-i18n-2.12.1-x86_64-2.txz
728482177fec580983a40eaa7d1a88ee  l/glibc-profile-2.12.1-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.