-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2058-1                  security@debian.org
http://www.debian.org/security/                           Aurelien Jarno
June 10, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : glibc, eglibc
Vulnerability  : multiple 
Problem type   : remote (local)
Debian-specific: no
CVE Id(s)      : CVE-2008-1391 CVE-2009-4880, CVE-2009-4881
                 CVE-2010-0296 CVE-2010-0830
Debian Bug     : 583908

Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures 
project identifies the following problems:


CVE-2008-1391, CVE-2009-4880, CVE-2009-4881

Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon family of 
functions. If a user or automated system were tricked into 
processing a specially crafted format string, a remote attacker 
could crash applications, leading to a denial of service.


CVE-2010-0296

Jeff Layton and Dan Rosenberg discovered that the GNU C library did
not correctly handle newlines in the mntent family of functions. If
a local attacker were able to inject newlines into a mount entry 
through other vulnerable mount helpers, they could disrupt the 
system or possibly gain root privileges.


CVE-2010-0830

Dan Rosenberg discovered that the GNU C library did not correctly
validate certain ELF program headers.  If a user or automated system
were tricked into verifying a specially crafted ELF program, a 
remote attacker could execute arbitrary code with user privileges.

For the stable distribution (lenny), these problems have been fixed in
version 2.7-18lenny4 of the glibc package.

For the testing distribution (squeeze), these problems will be fixed soon.

For the unstable distribution (sid), these problems has been fixed in
version 2.1.11-1 of the eglibc package.

We recommend that you upgrade your glibc or eglibc packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:   749289 dcb022bd274969ef458933d45b06cca8
      Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833
      Size/MD5 checksum:     2564 f5b705bcda1bc7674aa33fb07f417f98

Architecture independent packages:

      Size/MD5 checksum: 16007014 fd3b316ef085ea9ce71dc67fefd92dc0
      Size/MD5 checksum:  4488186 b9beabe612fbfb014faadef6543e7fab
      Size/MD5 checksum:  1629166 da396340195ba0214d1d7827ed225341

alpha architecture (DEC Alpha)

      Size/MD5 checksum:  1769494 7082c894a96d6fdc009e15c7773c3108
      Size/MD5 checksum:  5716658 7ab5b5510afdbeb0e20ccc2ae1df1778
      Size/MD5 checksum:    18210 e65e4f7d9f55c3e6974fe2112ed076a2
      Size/MD5 checksum:  3029160 d05c22d8263423dbc334a60c04acec89
      Size/MD5 checksum:    10600 c6af958e690622f8a204ed1401f44ce9
      Size/MD5 checksum:  5184660 a1f37830cb0ae5ee79bf479cc92094e4
      Size/MD5 checksum:  2491830 e3e70cb621bd954acb41700e7fb00fba
      Size/MD5 checksum:   177484 c350540ea1beb15e5a49b39a72a4d230
      Size/MD5 checksum:  1621366 d77b66d4fa5900d12a756c808d61ce5d
      Size/MD5 checksum:  2787424 6f6d688cc842bd300026c5dd419eeb4f
      Size/MD5 checksum:  1264256 0e6f61da8287a1be45e8f40f659d4200

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:  1460218 4dac6728d0871d40df88dde09416ee53
      Size/MD5 checksum:  2666642 e7e12628c095b56bc66bd1fbb7bb9a1a
      Size/MD5 checksum:  3777974 3a08b45214739c18109aa80ee3957c5c
      Size/MD5 checksum:  5330838 02ca70069fe3c8186d5b15add9979a31
      Size/MD5 checksum:  4961058 f6bc2c4255027b03177a96b48a996e95
      Size/MD5 checksum:  1930754 5da596cd4e30c190e635a1a5df518dc3
      Size/MD5 checksum:     9420 64592a07de5985508ffd227334dedf6a
      Size/MD5 checksum:   174984 ae190a5aa0266289018cf4beb2a9d2c1
      Size/MD5 checksum:  2497244 19d1cb7764663e2a4a40099f446c9821
      Size/MD5 checksum:  1465692 37f18d20c182623bcc4d6243b87bce01
      Size/MD5 checksum:    18310 4402c007e74d12c5bb9a76f34d3d9e01
      Size/MD5 checksum:  1106390 bee92ec4cb4c6b41d27e0dd5fe7c729b

arm architecture (ARM)

      Size/MD5 checksum:    14570 0026ea37fbcdf9fa17222cbc242cc603
      Size/MD5 checksum:  2318296 b46a306ef0c8d2ddc11ad7c64140b92e
      Size/MD5 checksum:  2605208 9dc14baa617ba8bc86bcc5ce8ae52d9d
      Size/MD5 checksum:  1026072 9b075e76c05af156533c59c519143da3
      Size/MD5 checksum:  5076094 06eb33e2cc52f04919d500520b1e5af7
      Size/MD5 checksum:   172416 5a5b3848ad34faccefece22ffd9379c7
      Size/MD5 checksum:  1323960 8164796dcc2838f364958c4e65ceb077
      Size/MD5 checksum:  4801574 e0ccb2317094ba28772dd70b72e6ae3f
      Size/MD5 checksum:     8406 20fe23561274294f4be4900cdc431088
      Size/MD5 checksum:  1779106 c0242bc449f2f4defab3eed9b0b31fd2

armel architecture (ARM EABI)

      Size/MD5 checksum:  5116350 ed5ceee3e916439b534ddb23fbc2ab91
      Size/MD5 checksum:  1895344 07b2893a5fa7aed15561e410bd93f783
      Size/MD5 checksum:  1085156 3157d36d0376d692baa7ab00e3c6c1dd
      Size/MD5 checksum:  2715326 0f3ebf286794d696b30d3d0b9d56004b
      Size/MD5 checksum:  1394808 9a074d23294dbe9b9e22f876b6c08ec1
      Size/MD5 checksum:   171346 c4448e74dfa19735ed94658d3744f2f9
      Size/MD5 checksum:     8158 e2264930a0aea372106a0671cea6a40a
      Size/MD5 checksum:  2433932 9dae6f6e8ec2d493080aa4974e4315df
      Size/MD5 checksum:  4868196 d06b1acfd00c3af245f72c66d783a0f6
      Size/MD5 checksum:    14554 5b61be5f99c9187d6824c280320abaf0

hppa architecture (HP PA RISC)

      Size/MD5 checksum:    18530 4e2027a635625f7d44b35e92d1b97975
      Size/MD5 checksum:  1959090 a29d92db6c7452bcb6f23f6ca5152318
      Size/MD5 checksum:  5946144 a3bf8abc9280a74360567c0ce6de1fc1
      Size/MD5 checksum:  1120558 3f07b7f229d5be460c27ba24dbced23b
      Size/MD5 checksum:     9744 4cef21fdb76ff503717b148a3cc7c9bd
      Size/MD5 checksum:  2482508 42d7c830f524cd72e5a5c63260518a25
      Size/MD5 checksum:  1471474 12383490d2304d3081b68792fbc6d953
      Size/MD5 checksum:  2804918 957d741d58375a8279d9bf1ce5e767ec
      Size/MD5 checksum:  5106022 27112fe1d8a4efd12b01f80b52b1cfac
      Size/MD5 checksum:   179262 6f7b3d7df37600d2473b9e741194e8a7

i386 architecture (Intel ia32)

      Size/MD5 checksum:   171844 ba99da60d21b46531cf5a9efc06e4526
      Size/MD5 checksum:   823832 185aeb3599a787317757f2a669d38668
      Size/MD5 checksum:  4550320 b601d6184daca73e71c069dbbec18e3b
      Size/MD5 checksum:  1154430 8db3712e4227cdb7b93942484eb71cb1
      Size/MD5 checksum:     8686 7b75f9cb36a35f3731c879db4b3f1886
      Size/MD5 checksum:  1267282 e68152a3929f76782ab9198fb8fbff85
      Size/MD5 checksum:  3387248 9cdb8401cead8afdd9f3e5da7bf673f8
      Size/MD5 checksum:  2757192 0fa3be55609c6194d44fb6fd43239b6a
      Size/MD5 checksum:  1271974 22b0780c2d4a4d4ae933f445e0593759
      Size/MD5 checksum:  4141064 81f89eabeaa6bf6fbf308fccc08398fd
      Size/MD5 checksum:  1439560 5d6dfc14194c12ff9f32370c90b820d4
      Size/MD5 checksum:  5227630 2a291ce43133a023c62ded8981d7e7c1
      Size/MD5 checksum:  2013794 606bef244b7fd348000fcd4664afe1eb
      Size/MD5 checksum:    15430 b2bab9ce9e5cd7d522a35ef7c4833576

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  2669336 ea49adaffc0d38c758cd51ddbdf4ac2b
      Size/MD5 checksum:  1382700 f4624d9da473c05df2af96b21beca23a
      Size/MD5 checksum:  5631150 20c99e91f17e0807eea7a9105c967c74
      Size/MD5 checksum:  6265268 3b4d57d487312e1469b326d97d5adc43
      Size/MD5 checksum:    12938 f3624c78267bff32219a2e9f77aa4c6d
      Size/MD5 checksum:  3234170 ad0e1341214cc691f094484c1809f4eb
      Size/MD5 checksum:  2690204 30f4c9e4a601253b0e3879bec11b5be4
      Size/MD5 checksum:   197936 eba3b4d41c214d32a50c100c823f62c6
      Size/MD5 checksum:    22610 ed1cb78c022f4c8410fc9fbb11a5b024
      Size/MD5 checksum:  1743334 afafc27db97fae6af8475335ccb7ecce

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:  2083026 997c153a4764dd0b4df5c49516448fe1
      Size/MD5 checksum:  1075286 7a0b1d333b7f2845cd696b23176e4086
      Size/MD5 checksum:  2774510 91ee6ad39f8cb4299351725c34834f3c
      Size/MD5 checksum:     8900 05e3412e81e41dba932012299ad1c6b9
      Size/MD5 checksum:  2502016 1b9f1b03137d28d412efeccfabfc129e
      Size/MD5 checksum:  2634372 4d64360c5b1d1574bafbd1c1e2ebd37b
      Size/MD5 checksum:   173274 dd0b16d480f6caf243a78c86fd2881e9
      Size/MD5 checksum:  9232740 264af461f35baac3c8d47e3ea1aa94dc
      Size/MD5 checksum:  4355348 8bcc7566fb3dc39b290340b530db38e6
      Size/MD5 checksum:  5618994 9ed756a5187a9f2b78cd9c3f4c302b66
      Size/MD5 checksum:  2360594 1715033754e2c0cb881cf80dc14f2353
      Size/MD5 checksum:    15268 b424520237d4ed24e449cb84eb35d533
      Size/MD5 checksum:  1497378 5674b015f009c8df673e8efc2cb0df59
      Size/MD5 checksum:  4965718 5a54c66a2204cbb250359f1f883653da

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  4257420 2069013636632e5af43c5bd2bbeb8569
      Size/MD5 checksum:  1070864 9e1bf74bf2fa7887214587883b4668c5
      Size/MD5 checksum:   172474 223733149d23b923fd2972e11e4a314b
      Size/MD5 checksum:     8944 70c9e850f36487426610231334dbae70
      Size/MD5 checksum:  2466340 5917616c1f7c7084ce094afdf26c370a
      Size/MD5 checksum:  2342756 2994dc7e36cdf7b37e338d466f0014a3
      Size/MD5 checksum:  4870038 867410534719d991cae57e1b95c463ae
      Size/MD5 checksum:    15348 47ab6c42738f79666fd7b0a76c4d740a
      Size/MD5 checksum:  1494574 b8b405bd03ff4d7228421397deeec896
      Size/MD5 checksum:  2074286 04860198fc9f5d87c36de120cf87a66f
      Size/MD5 checksum:  2623718 c79f0343dbe4e2842dc98d06b9922d3d
      Size/MD5 checksum:  9122594 b7147a76c5730a163795015c85d78501
      Size/MD5 checksum:  2706880 4d365f59bc9e6828d94adc74dd559aeb
      Size/MD5 checksum:  5546712 e6e10890c2ec001562aa3de764dec691

powerpc architecture (PowerPC)

      Size/MD5 checksum:  4495386 34e79dac6fa4f6c5507d77371df8c806
      Size/MD5 checksum:    16840 c1472162d75104dbed2af920c077e145
      Size/MD5 checksum:  5201168 e8af0591b517e2212c81bd4e28f6eee3
      Size/MD5 checksum:     9412 b46e7c06fda73e99abc3b0251cfa0fae
      Size/MD5 checksum:  2756472 80a2a1d8343ac0d2d5a7d15597e5e1b1
      Size/MD5 checksum:  2410962 91d50628e6f807301b4100092ddd29b1
      Size/MD5 checksum:  1598006 b450a53fe6c4c8207bbeeb4789c4024c
      Size/MD5 checksum:  6329310 992d419ebebe8474714d4d9af894315e
      Size/MD5 checksum:  1224472 daf839353d109c04b467541e35541e24
      Size/MD5 checksum:   175108 87b3d7604a7efe7da0987b8c73720d6c
      Size/MD5 checksum:  2258436 a6413211eb3fddda694f1b274e31b692
      Size/MD5 checksum:  2805968 0819f0e9d5a13b9c122a038187ce349f

s390 architecture (IBM S/390)

      Size/MD5 checksum:  2365558 82b0169430d68fbfde5580fc55af8539
      Size/MD5 checksum:  5960804 0b2e1fc0f81a2cb1c0128c6e104f39c4
      Size/MD5 checksum:  1218900 936f3961797f3ed1f2058accde977993
      Size/MD5 checksum:  2719690 b38b5bd34f66fc16780fe3b08dd38a2d
      Size/MD5 checksum:     9036 43f683a165085bb78d8cff4875a30fbd
      Size/MD5 checksum:    16196 4e520a214d39690c8fa75bcd1cba89f2
      Size/MD5 checksum:  4263974 757b89131b53bba9d31f634630432b00
      Size/MD5 checksum:  5017052 c218f95d67d4c1d33b9fe5138822a1f5
      Size/MD5 checksum:  1536062 1eceb2b77a00165200062277f7f0fc68
      Size/MD5 checksum:  2196462 f0abedaa97aadfc962e11a1888f14e46
      Size/MD5 checksum:  2649836 e29ac3e192a8fa9d712eb3c8392e1cf6
      Size/MD5 checksum:   177020 687b7de35e5d43d61eba85dabc295cde

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  4454834 ec068840b37666d1b7297ce4a0ca92e0
      Size/MD5 checksum:   171076 c06ceb8fe02cc101a955baebcaa2c44f
      Size/MD5 checksum:    15044 4b185346f48fdb5ce70dcf52b0318c3b
      Size/MD5 checksum:  1249952 1105fbdeb4a8a907a94358d0275cb010
      Size/MD5 checksum:  1613194 3974152e0fed955e3368c205d5d62864
      Size/MD5 checksum:  2827474 936597c4403bf74c6be1a41cb6a580ff
      Size/MD5 checksum:  5151582 b886dd55f655415a755197e070a0f18b
      Size/MD5 checksum:  2589968 6076836558c4d0370e643ad19bb9134c
      Size/MD5 checksum:  6797490 54a57b72675f41c4e7a36c3294e3b15c
      Size/MD5 checksum:     8324 a601cd0dfc7d2f7c8a35e83f8e70e643
      Size/MD5 checksum:  2304008 cfaf34cc9348baa6dc976c95033ee71d
      Size/MD5 checksum:  2795854 3d674864ce1c25365e85892f63c6c102
      Size/MD5 checksum:  1762052 799715028d86fad7d041b93577bc6021


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/