[PLDSA 45-1] New glibc packages fix arbitrary code execution

Krzysiek Taraszka dzimi at pld.org.pl
Sat May 3 15:44:51 CEST 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 45-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
21 March 2003                           http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : prior to glibc-2.2.5-22
Vulnerability  : integer overflow
Problem-Type   : remote
PLD-specific   : no
CVE references : CAN-2003-0028
Upstream URL   : www.eeye.com/html/Research/Advisories/AD20030318.html

eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc.  This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation.  Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitrary code.
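The check that goes wrong in the advisory is a length test performed after the subtraction rather than before it. The following C program is an added illustration written for this advisory, not glibc's xdrmem_getbytes() and not code from PLD or eEye: it models a memory-stream reader (the struct mem_stream, its fields and the function names are assumptions of this example), shows why a signed "subtract, then test for negative" check lets a wrapped length through, and sets a compare-before-subtract check beside it. The 16-byte message and the requested field lengths are constructed sample input.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for an XDR memory stream: a cursor into a buffer
 * plus a count of bytes still unread. Names are assumptions for this
 * example and are not glibc's XDR structure.
 */
struct mem_stream {
    const unsigned char *cur;
    unsigned int remaining;
};

/*
 * Weak bounds check, modelling the pattern the advisory describes: the
 * remaining-byte counter is a signed int, the requested length is
 * subtracted first, and only then is the result tested for negativity.
 * A requested length above INT_MAX wraps the subtraction back to a
 * positive value, so the test passes. No copy is performed here; the
 * function only reports whether such a check would allow one.
 */
bool weak_check_allows(int remaining, unsigned int len)
{
    /* "remaining -= len" promotes to unsigned, then converts back to int */
    int after = (int)((unsigned int)remaining - len);
    return after >= 0;
}

/*
 * Hardened read: compare the request against the unsigned remaining
 * count before doing any arithmetic, so nothing can wrap, and only then
 * copy and advance the cursor.
 */
bool safe_getbytes(struct mem_stream *s, unsigned char *dst, unsigned int len)
{
    if (len > s->remaining)
        return false;            /* request exceeds the buffer: reject */
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= len;         /* cannot underflow after the check above */
    return true;
}

/*
 * Decode a constructed 16-byte message with a sequence of requested field
 * lengths and return how many reads succeeded. The last request asks for
 * one byte past the end and must be refused.
 */
int demo_decode(void)
{
    static const unsigned char msg[16] = {   /* constructed sample input */
        0x00, 0x00, 0x00, 0x02,  0x00, 0x00, 0x00, 0x08,
        'h', 'e', 'l', 'l', 'o', '!', 0x00, 0x00 };
    const unsigned int lens[] = { 4, 4, 8, 1 };
    unsigned char field[16];
    struct mem_stream s = { msg, sizeof msg };
    int ok = 0;

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        if (!safe_getbytes(&s, field, lens[i]))
            break;
        ok++;
    }
    return ok;  /* 3: the 4+4+8 reads succeed, the extra byte is refused */
}

int main(void)
{
    unsigned char src[4] = { 1, 2, 3, 4 }, out[4];
    struct mem_stream s = { src, sizeof src };

    /* a length that is "negative" when viewed as int slips past the weak check */
    printf("weak check allows 0xFFFFFFF0 on 100 bytes: %s\n",
           weak_check_allows(100, 0xFFFFFFF0u) ? "yes" : "no");
    printf("safe read of 0xFFFFFFF0 on 4 bytes: %s\n",
           safe_getbytes(&s, out, 0xFFFFFFF0u) ? "allowed" : "rejected");
    printf("fields decoded from sample message: %d\n", demo_decode());
    return 0;
}
```

The weak check still rejects an ordinary oversized request such as 200 bytes against 100; only lengths large enough to wrap the signed counter get through, which is why the defect survived ordinary testing. The hardened version makes the comparison in unsigned arithmetic before touching the counter, which is the shape of check to look for when auditing decoders that carry a remaining-length field.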

The above problems have been fixed in version 2.2.5-23 for the
current stable distribution (ra).

We recommend that you upgrade your glibc packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages:

poldek --update
        will update the internal database
poldek --upgrade 'glibc*'
        will install corrected packages

If you are using the "apt" package manager, use the lines given below
to upgrade the packages:

apt-get update
        will update the internal database
apt-get upgrade 'glibc*'
        will install corrected packages

PLD Linux 1.0 alias ra
--------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/glibc-2.2.5-23.src.rpm
       MD5 checksum: 6ac0e513502b649bf1d316040c527549

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-2.2.5-23.i386.rpm
       MD5 checksum: c19612aaa515ef37568e8acc16fa8b2f

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-devel-2.2.5-23.i386.rpm
       MD5 checksum: 81892ef217fa760a0e3b413159a633b2

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-memusage-2.2.5-23.i386.rpm
       MD5 checksum: 3bf95e26d3aa2a278662e004d9118ac2

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-pic-2.2.5-23.i386.rpm
       MD5 checksum: a4e3604c7daeb3eb553c5d57bce7dde6

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-profile-2.2.5-23.i386.rpm
       MD5 checksum: a81e6214e05a691d12d89a7c368355a9

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-static-2.2.5-23.i386.rpm
       MD5 checksum: 24e5aaec4b3a14f8b2330a39bdfb7adf

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/iconv-2.2.5-23.i386.rpm
       MD5 checksum: 114bcea8e4bcc5e567c16a87f21f2db5

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/localedb-src-2.2.5-23.i386.rpm
       MD5 checksum: 6f634ce2b13d76ff1b906897249ce649

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nscd-2.2.5-23.i386.rpm
       MD5 checksum: 3c05b547cfdf517a27cb993ea08df266

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_compat-2.2.5-23.i386.rpm
       MD5 checksum: d55c320df19b70c124df3daf1e72a4d4

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_hesiod-2.2.5-23.i386.rpm
       MD5 checksum: 8061c74ba2d2e0214eb88257e22cc2de

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_nis-2.2.5-23.i386.rpm
       MD5 checksum: 3812db120712391d5e196a647ccaa449

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_nisplus-2.2.5-23.i386.rpm
       MD5 checksum: 66aa50c5eefe29f85109da8a1af35713


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-2.2.5-23.i586.rpm
       MD5 checksum: 0ffc2ebe5e5d24fa78603740ce330a30

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-devel-2.2.5-23.i586.rpm
       MD5 checksum: a4c87aa7d8d4cb1b787f082066e23261

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-memusage-2.2.5-23.i586.rpm
       MD5 checksum: 0a0244a2e9fc68fbd3d9e3b40a62e99e

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-pic-2.2.5-23.i586.rpm
       MD5 checksum: 94dd7ab0e2aca4ef878bd127fcca1d69

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-profile-2.2.5-23.i586.rpm
       MD5 checksum: 497892c4675c100ce06b04d45521440b

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-static-2.2.5-23.i586.rpm
       MD5 checksum: 991d9dc5443592e6fa48343f795194be

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/iconv-2.2.5-23.i586.rpm
       MD5 checksum: 86b7aed13367176e6d7fc5c3f765a72f

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/localedb-src-2.2.5-23.i586.rpm
       MD5 checksum: 080ed201963a74bcc0827f0b97521a9d

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nscd-2.2.5-23.i586.rpm
       MD5 checksum: da0dc780390f2c38c409987573f03f26

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_compat-2.2.5-23.i586.rpm
       MD5 checksum: 92cd00372b22d61c96f1db6a2ede16cd

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_hesiod-2.2.5-23.i586.rpm
       MD5 checksum: a53bb57c02d06fe591dacdb71eb6d019

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_nis-2.2.5-23.i586.rpm
       MD5 checksum: 99bab7b0d707bd21cc31f9c405b08c16

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_nisplus-2.2.5-23.i586.rpm
       MD5 checksum: 9474b16ceb1ca1dbb629d1d41c47e329


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-2.2.5-23.i686.rpm
       MD5 checksum: d620c555c931b96f9e438e46c1f2917a

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-devel-2.2.5-23.i686.rpm
       MD5 checksum: 267755365ee6988b15f8a49573a497f7

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-memusage-2.2.5-23.i686.rpm
       MD5 checksum: 77ecb6117fa6392916ae4d31df5029d1

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-pic-2.2.5-23.i686.rpm
       MD5 checksum: 5c940c95711c27b402043e3b13403b26

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-profile-2.2.5-23.i686.rpm
       MD5 checksum: 72ff7b8b15c00bc3f20b58a24ea08450

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-static-2.2.5-23.i686.rpm
       MD5 checksum: 9b4f3abfdbef2461e0b4e2d057f9d4da

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/iconv-2.2.5-23.i686.rpm
       MD5 checksum: fdaa9d6242fd4e79e9c78048a7f65b9c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/localedb-src-2.2.5-23.i686.rpm
       MD5 checksum: 79963a3d281e9d3122f8bb5efe9eae81

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nscd-2.2.5-23.i686.rpm
       MD5 checksum: 199aa0dcd364b0c7f67934c093749cfd

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_compat-2.2.5-23.i686.rpm
       MD5 checksum: ad0ed44f56e15f157bdf6e0ffb4ac516

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_hesiod-2.2.5-23.i686.rpm
       MD5 checksum: 3751b0c20ab0365565b59a57dacfa10e

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_nis-2.2.5-23.i686.rpm
       MD5 checksum: 8f92e31761b3ddbd2ccf90c4ed532de5

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_nisplus-2.2.5-23.i686.rpm
       MD5 checksum: 23c76b74ff4325678ed2778f693a5f1f


  PowerPC Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-2.2.5-23.ppc.rpm
       MD5 checksum: 292d58fd6d10b92d38640defa8a6560c

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-devel-2.2.5-23.ppc.rpm
       MD5 checksum: ce64306aeebeddd8490bb35383d3f49f

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-memusage-2.2.5-23.ppc.rpm
       MD5 checksum: bc899f83d6e3de2f48ce99bb31380b3e

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-pic-2.2.5-23.ppc.rpm
       MD5 checksum: 8dfc62d4cbed42721b9ba31a0b71bd35

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-profile-2.2.5-23.ppc.rpm
       MD5 checksum: 971ff04215bfedb55f7845fd3e4c3211

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-static-2.2.5-23.ppc.rpm
       MD5 checksum: 8aa301a739aecfea5a872eecb299e503

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/iconv-2.2.5-23.ppc.rpm
       MD5 checksum: e7e2625f2438ede3af668ec88bb32027

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/localedb-src-2.2.5-23.ppc.rpm
       MD5 checksum: ff082bc5d4f83364300c0d4402d2bd0c

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nscd-2.2.5-23.ppc.rpm
       MD5 checksum: f8af9f968190667c800cbffeb830c1c7

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_compat-2.2.5-23.ppc.rpm
       MD5 checksum: d28d6faa2f15bf90fb41416a98588794

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_hesiod-2.2.5-23.ppc.rpm
       MD5 checksum: 4566c141052c49bfdb30bbb98433bf97

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_nis-2.2.5-23.ppc.rpm
       MD5 checksum: 32731f66aad12ff7901e9845122634d8

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_nisplus-2.2.5-23.ppc.rpm
       MD5 checksum: 7fb6f5310fbc6d4925f9255149ab4e7a


--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security


