LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2010-301-01: glibc: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. [More Info...]
[slackware-security]  glibc (SSA:2010-301-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
  Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs
  during setuid loads."  This security issue allows a local attacker to
  gain root by specifying an unsafe DSO in the library search path to be
  used with a setuid binary in LD_AUDIT mode.
  Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz:  Upgraded.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz:  Upgraded.
  Rebuilt to tzcode2010n and tzdata2010n.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-3.txz


MD5 signatures:
+-------------+

Slackware 12.0 packages:
8d468bef0a3b50325d77ab996b5a9d9a  glibc-2.5-i486-6_slack12.0.tgz
b01d3fecfd3ed105c5c141a3dc7af401  glibc-i18n-2.5-noarch-6_slack12.0.tgz
caf14c4ad8e444000220bc7cc256c495  glibc-profile-2.5-i486-6_slack12.0.tgz
451af23d75820fac2d4bb431b5830b85  glibc-solibs-2.5-i486-6_slack12.0.tgz
119d0d794a46f94bc17f83f0ac06a3d3  glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz

Slackware 12.1 packages:
ccc6cad27bc0fb344656cde9a13b38ba  glibc-2.7-i486-12_slack12.1.tgz
5d898df2a09262f7257d3eda50a57d68  glibc-i18n-2.7-noarch-12_slack12.1.tgz
068a14a920b5081cb70d83d9b0f84241  glibc-profile-2.7-i486-12_slack12.1.tgz
84cb8ee27e6f839c9d0c5f6817ad8730  glibc-solibs-2.7-i486-12_slack12.1.tgz
59355d9135e1c63a47cefb8b1913a482  glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz

Slackware 12.2 packages:
92731f67629c32a3944568e5e45f7eea  glibc-2.7-i486-19_slack12.2.tgz
0186435a93d1b21d9b8583698141eac6  glibc-i18n-2.7-noarch-19_slack12.2.tgz
75b2c8928bfcee081eaa2e24b80ba9c3  glibc-profile-2.7-i486-19_slack12.2.tgz
3fb2a406f8625e307a455d9c8ecc8589  glibc-solibs-2.7-i486-19_slack12.2.tgz
e5b641e76bd83f1b78d15918e37861b3  glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz

Slackware 13.0 packages:
1db19f0d2e560237d7e7b563edac1717  glibc-2.9-i486-5_slack13.0.txz
605c3e4727111314a3b352c1043e3c70  glibc-i18n-2.9-i486-5_slack13.0.txz
3846ded61e77d33d2b6d2b09a2c8a9e8  glibc-profile-2.9-i486-5_slack13.0.txz
766f590fa9f9afac74a3395464d563f5  glibc-solibs-2.9-i486-5_slack13.0.txz
4726810af74ad4fadf06a6ff804a0c28  glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Slackware x86_64 13.0 packages:
909942f6df189166b39fb5b6e3781731  glibc-2.9-x86_64-5_slack13.0.txz
ee4e1d3994bf63d7aeea7fcc4fd26d12  glibc-i18n-2.9-x86_64-5_slack13.0.txz
6602482f69059373ac0831c669d53acf  glibc-profile-2.9-x86_64-5_slack13.0.txz
281ab0a7b97cc848f508c33339932eac  glibc-solibs-2.9-x86_64-5_slack13.0.txz
df641f4c6bd461b6e0d7f517829081ba  glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Slackware 13.1 packages:
6527a72a8454bf4bdb310e02e0da83b1  glibc-2.11.1-i486-5_slack13.1.txz
c4a2ebb19582db01f411dc1ff48b5b73  glibc-i18n-2.11.1-i486-5_slack13.1.txz
626a6183a927a5afc71997f40c6385d3  glibc-profile-2.11.1-i486-5_slack13.1.txz
15b9ca16b5f61f819c3da72f9e5e3c99  glibc-solibs-2.11.1-i486-5_slack13.1.txz
f118773d1bb266378f80b4cb2c5287b2  glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Slackware x86_64 13.1 packages:
037e2ccd9a3696db1203f4067e375cf4  glibc-2.11.1-x86_64-5_slack13.1.txz
13a43ca43e61861a581181f59a6ec62f  glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
1898b8bde310da6bbf2147e789e67200  glibc-profile-2.11.1-x86_64-5_slack13.1.txz
a0914b17959f521cc6b93218735c8a48  glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
3f5621fbe482cbc287155400c5012f84  glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Slackware -current packages:
0ed6d0e2079be5d275455739cdaf0549  a/glibc-solibs-2.12.1-i486-3.txz
b23dbc1e4ba31fd6827fd51012da7d6d  a/glibc-zoneinfo-2.12.1-noarch-3.txz
3ea2bf3794eec46fc8870699277725b6  l/glibc-2.12.1-i486-3.txz
d0afd8e838dbe00ae12b0e04e8f025d2  l/glibc-i18n-2.12.1-i486-3.txz
f919fe010cfcb28eb5de849028894d4a  l/glibc-profile-2.12.1-i486-3.txz

Slackware x86_64 -current packages:
b068c1e12d49d1cf968db8fffdf1f4a4  a/glibc-solibs-2.12.1-x86_64-3.txz
87c200831200e3e626a1a068167041fd  a/glibc-zoneinfo-2.12.1-noarch-3.txz
12fe9ab9e109c162e93215a4995478cd  l/glibc-2.12.1-x86_64-3.txz
bc676d8921404ee9fd520137f60d7d3f  l/glibc-i18n-2.12.1-x86_64-3.txz
44bb2cf6ecde7a6bcf49a69ca62254ff  l/glibc-profile-2.12.1-x86_64-3.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.