[PLDSA 45-1] New glibc packages fix arbitrary code execution
Krzysiek Taraszka
dzimi at pld.org.pl
Sat May 3 15:44:51 CEST 2003
- --------------------------------------------------------------------------
PLD Security Advisory PLDSA 45-1 security at pld.org.pl
http://www.pld.org.pl/security/ PLD Security Team
21 March 2003 http://www.pld.org.pl/security/faq
- --------------------------------------------------------------------------
Package : prior to glibc-2.2.5-22
Vulnerability : integer overflow
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2003-0028
Upstream URL : www.eeye.com/html/Research/Advisories/AD20030318.html
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc. This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation. Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitray code.
The above problems have been fixed in version 2.2.5-23 for the
current stable distribution (ra).
We recommend that you upgrade your glibc packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using "poldek" - the package manager, use the line as given below
for upgrade packages
poldek --update
will update the internal database
poldek --upgrade 'glibc*'
will install corrected packages
If you are using "apt" - the package manager, use the line as given below
for upgrade packages
apt-get update
will update the internal database
apt-get upgrade 'glibc*'
will install corrected packages
PLD Linux 1.0 alias ra
- --------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/glibc-2.2.5-23.src.rpm
MD5 checksum: 6ac0e513502b649bf1d316040c527549
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-2.2.5-23.i386.rpm
MD5 checksum: c19612aaa515ef37568e8acc16fa8b2f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-devel-2.2.5-23.i386.rpm
MD5 checksum: 81892ef217fa760a0e3b413159a633b2
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-memusage-2.2.5-23.i386.rpm
MD5 checksum: 3bf95e26d3aa2a278662e004d9118ac2
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-pic-2.2.5-23.i386.rpm
MD5 checksum: a4e3604c7daeb3eb553c5d57bce7dde6
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-profile-2.2.5-23.i386.rpm
MD5 checksum: a81e6214e05a691d12d89a7c368355a9
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/glibc-static-2.2.5-23.i386.rpm
MD5 checksum: 24e5aaec4b3a14f8b2330a39bdfb7adf
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/iconv-2.2.5-23.i386.rpm
MD5 checksum: 114bcea8e4bcc5e567c16a87f21f2db5
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/localedb-src-2.2.5-23.i386.rpm
MD5 checksum: 6f634ce2b13d76ff1b906897249ce649
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nscd-2.2.5-23.i386.rpm
MD5 checksum: 3c05b547cfdf517a27cb993ea08df266
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_compat-2.2.5-23.i386.rpm
MD5 checksum: d55c320df19b70c124df3daf1e72a4d4
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_hesiod-2.2.5-23.i386.rpm
MD5 checksum: 8061c74ba2d2e0214eb88257e22cc2de
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_nis-2.2.5-23.i386.rpm
MD5 checksum: 3812db120712391d5e196a647ccaa449
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/nss_nisplus-2.2.5-23.i386.rpm
MD5 checksum: 66aa50c5eefe29f85109da8a1af35713
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-2.2.5-23.i586.rpm
MD5 checksum: 0ffc2ebe5e5d24fa78603740ce330a30
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-devel-2.2.5-23.i586.rpm
MD5 checksum: a4c87aa7d8d4cb1b787f082066e23261
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-memusage-2.2.5-23.i586.rpm
MD5 checksum: 0a0244a2e9fc68fbd3d9e3b40a62e99e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-pic-2.2.5-23.i586.rpm
MD5 checksum: 94dd7ab0e2aca4ef878bd127fcca1d69
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-profile-2.2.5-23.i586.rpm
MD5 checksum: 497892c4675c100ce06b04d45521440b
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/glibc-static-2.2.5-23.i586.rpm
MD5 checksum: 991d9dc5443592e6fa48343f795194be
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/iconv-2.2.5-23.i586.rpm
MD5 checksum: 86b7aed13367176e6d7fc5c3f765a72f
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/localedb-src-2.2.5-23.i586.rpm
MD5 checksum: 080ed201963a74bcc0827f0b97521a9d
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nscd-2.2.5-23.i586.rpm
MD5 checksum: da0dc780390f2c38c409987573f03f26
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_compat-2.2.5-23.i586.rpm
MD5 checksum: 92cd00372b22d61c96f1db6a2ede16cd
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_hesiod-2.2.5-23.i586.rpm
MD5 checksum: a53bb57c02d06fe591dacdb71eb6d019
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_nis-2.2.5-23.i586.rpm
MD5 checksum: 99bab7b0d707bd21cc31f9c405b08c16
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/nss_nisplus-2.2.5-23.i586.rpm
MD5 checksum: 9474b16ceb1ca1dbb629d1d41c47e329
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-2.2.5-23.i686.rpm
MD5 checksum: d620c555c931b96f9e438e46c1f2917a
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-devel-2.2.5-23.i686.rpm
MD5 checksum: 267755365ee6988b15f8a49573a497f7
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-memusage-2.2.5-23.i686.rpm
MD5 checksum: 77ecb6117fa6392916ae4d31df5029d1
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-pic-2.2.5-23.i686.rpm
MD5 checksum: 5c940c95711c27b402043e3b13403b26
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-profile-2.2.5-23.i686.rpm
MD5 checksum: 72ff7b8b15c00bc3f20b58a24ea08450
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/glibc-static-2.2.5-23.i686.rpm
MD5 checksum: 9b4f3abfdbef2461e0b4e2d057f9d4da
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/iconv-2.2.5-23.i686.rpm
MD5 checksum: fdaa9d6242fd4e79e9c78048a7f65b9c
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/localedb-src-2.2.5-23.i686.rpm
MD5 checksum: 79963a3d281e9d3122f8bb5efe9eae81
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nscd-2.2.5-23.i686.rpm
MD5 checksum: 199aa0dcd364b0c7f67934c093749cfd
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_compat-2.2.5-23.i686.rpm
MD5 checksum: ad0ed44f56e15f157bdf6e0ffb4ac516
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_hesiod-2.2.5-23.i686.rpm
MD5 checksum: 3751b0c20ab0365565b59a57dacfa10e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_nis-2.2.5-23.i686.rpm
MD5 checksum: 8f92e31761b3ddbd2ccf90c4ed532de5
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/nss_nisplus-2.2.5-23.i686.rpm
MD5 checksum: 23c76b74ff4325678ed2778f693a5f1f
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-2.2.5-23.ppc.rpm
MD5 checksum: 292d58fd6d10b92d38640defa8a6560c
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-devel-2.2.5-23.ppc.rpm
MD5 checksum: ce64306aeebeddd8490bb35383d3f49f
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-memusage-2.2.5-23.ppc.rpm
MD5 checksum: bc899f83d6e3de2f48ce99bb31380b3e
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-pic-2.2.5-23.ppc.rpm
MD5 checksum: 8dfc62d4cbed42721b9ba31a0b71bd35
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-profile-2.2.5-23.ppc.rpm
MD5 checksum: 971ff04215bfedb55f7845fd3e4c3211
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/glibc-static-2.2.5-23.ppc.rpm
MD5 checksum: 8aa301a739aecfea5a872eecb299e503
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/iconv-2.2.5-23.ppc.rpm
MD5 checksum: e7e2625f2438ede3af668ec88bb32027
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/localedb-src-2.2.5-23.ppc.rpm
MD5 checksum: ff082bc5d4f83364300c0d4402d2bd0c
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nscd-2.2.5-23.ppc.rpm
MD5 checksum: f8af9f968190667c800cbffeb830c1c7
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_compat-2.2.5-23.ppc.rpm
MD5 checksum: d28d6faa2f15bf90fb41416a98588794
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_hesiod-2.2.5-23.ppc.rpm
MD5 checksum: 4566c141052c49bfdb30bbb98433bf97
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_nis-2.2.5-23.ppc.rpm
MD5 checksum: 32731f66aad12ff7901e9845122634d8
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/nss_nisplus-2.2.5-23.ppc.rpm
MD5 checksum: 7fb6f5310fbc6d4925f9255149ab4e7a
-
--------------------------------------------------------------------------------
-
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
More information about the pld-security-announce
mailing list