73273 2002-08-14 19:06 /98 lines/ Trustix Secure Linux Advisor <tsl@trustix.com>
Imported: 2002-08-14 19:06 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <1095>
Subject: TSLSA-2002-0067 - glibc
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0067

Package name:      glibc
Summary:           Remote exploit
Date:              2002-08-13
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  This package fixes the following problems:
  * Overflow in bind derived resolver library.
  * Integer overflow in the Sun RPC library.
  * Integer overflow in the malloc parts.
  * Reduce linebuflen in parallel to bumping up the buffer pointer.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>

Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailing list.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>

Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0067-glibc.asc.txt>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Wh2+wRTcg4BxxS0RAtIPAJ4r9GnZUQP9PDHq6HZz8DStkhbBeQCeOxAp
cbigkxoWMHp16JVBZ00Ufq8=
=PuA+
-----END PGP SIGNATURE-----
(73273) /Trustix Secure Linux Advisor <tsl@trustix.com>/