Debian: 'glibc' vulnerabilities

    Date: 08 Mar 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-039-1
    http://www.debian.org/security/                         Wichert Akkerman
    March  8, 2001
    ------------------------------------------------------------------------
    
    
    Package        : glibc
    Problem type   : local file overwrite
    Debian-specific: no
    
    The version of GNU libc that was distributed with Debian GNU/Linux 2.2
    suffered from 2 security problems:
    
    * It was possible to use LD_PRELOAD to load libraries that are listed in
      /etc/ld.so.cache, even for suid programs. This could be used to create
      (and overwrite) files which a user should not be allowed to.
    
    * By using LD_PROFILE, suid programs would write data to a file
      in /var/tmp, which was not done safely. Again, this could be used
      to create (and overwrite) files which a user should not have access
      to.
    
    Both problems have been fixed in version 2.1.3-17 and we recommend that
    you upgrade your glibc packages immediately.
    
    Please note that a side-effect of this upgrade is that ldd will no longer
    work on suid programs, unless you are logged in as root.
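
The advisory does not say how the LD_PROFILE write was unsafe. The following added example (not glibc's code and not part of the advisory) assumes the usual failure for output files in shared temporary directories, opening a name that already exists as a link, and shows the hardened open beside the unsafe one. All function names and paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* True for set-uid/set-gid execution (privileges the invoker lacks). */
int runs_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Unsafe: follows a link at `path` and truncates whatever it points to. */
int open_output_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: never write debug output from a privileged process, and create
 * the file only if nothing (file or link) already exists at `path`. */
int open_output_safe(const char *path) {
    if (runs_privileged()) { errno = EPERM; return -1; }
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: the output name is
 * already a link to a 7-byte file. Returns that file's size after the open
 * attempt (7 = untouched, 0 = truncated), or -1 on setup failure. */
long victim_size_after(int use_safe) {
    char dir[] = "/tmp/dsa039-XXXXXX", victim[64], out[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/profile.out", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "KEEP ME", 7) != 7) return -1;
    close(fd);
    if (symlink(victim, out) != 0) return -1;
    fd = use_safe ? open_output_safe(out) : open_output_unsafe(out);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe=%ld safe=%ld\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```

The same reasoning applies to LD_PRELOAD: a loader that checks the equivalent of `runs_privileged()` can ignore user-supplied loader variables for suid programs.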
    
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-17.diff.gz
          MD5 checksum: 2d09dcf45482a2c4400e033c92112110
         http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-17.dsc
          MD5 checksum: 0483ad39d31a54db8781fddb79240e5d
         http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3.orig.tar.gz
          MD5 checksum: aea1bb5c28f793013153d1b8f91eb746
    
      Architecture independent archives:
         http://security.debian.org/dists/stable/updates/main/binary-all/glibc-doc_2.1.3-17_all.deb
          MD5 checksum: 06a18fbeee849642b48ff14cc0633984
         http://security.debian.org/dists/stable/updates/main/binary-all/i18ndata_2.1.3-17_all.deb
          MD5 checksum: 272079ae1d3afe16b18cbc3d903a5685
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dbg_2.1.3-17_alpha.deb
          MD5 checksum: 28e3d452aee9a89a7883885b76c7dc66
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dev_2.1.3-17_alpha.deb
          MD5 checksum: 452a709107c611efffb6e4ff3697eb10
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-pic_2.1.3-17_alpha.deb
          MD5 checksum: 68208d16954c2f81fe38a41fc6b83720
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-prof_2.1.3-17_alpha.deb
          MD5 checksum: dc0ba72ff66b3e25213e6ab12c927941
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1_2.1.3-17_alpha.deb
          MD5 checksum: 3e75804a7de8a317304dc4b615e290d3
         http://security.debian.org/dists/stable/updates/main/binary-alpha/libnss1-compat_2.1.3-17_alpha.deb
          MD5 checksum: 6f4bf6d43ef36117efe43bad15159dc4
         http://security.debian.org/dists/stable/updates/main/binary-alpha/locales_2.1.3-17_alpha.deb
          MD5 checksum: 443417e614a33cf70d296fedb6733873
         http://security.debian.org/dists/stable/updates/main/binary-alpha/nscd_2.1.3-17_alpha.deb
          MD5 checksum: 86edee3f212a0d4c769d37eb8e6de404
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dbg_2.1.3-17_arm.deb
          MD5 checksum: 63e3785e0c034ad086014a07a641b43d
         http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dev_2.1.3-17_arm.deb
          MD5 checksum: 3cf45427598f3c92c5744b647f14a315
         http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-pic_2.1.3-17_arm.deb
          MD5 checksum: 30ae1c962cae0d1df3fcd8924a7eb6d3
         http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-prof_2.1.3-17_arm.deb
          MD5 checksum: 5e4b00337e8cf44cd94125a30decf409
         http://security.debian.org/dists/stable/updates/main/binary-arm/libc6_2.1.3-17_arm.deb
          MD5 checksum: 0b4c9b9715d91fd9474a6a33775821b8
         http://security.debian.org/dists/stable/updates/main/binary-arm/locales_2.1.3-17_arm.deb
          MD5 checksum: fce2f8c6d697ed386557fcf92ef4ce47
         http://security.debian.org/dists/stable/updates/main/binary-arm/nscd_2.1.3-17_arm.deb
          MD5 checksum: 946568baddaf2ef3430bc3e27c464079
    
      Intel ia32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dbg_2.1.3-17_i386.deb
          MD5 checksum: a11f04dc605f9e0692bad7c43f29b90a
         http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dev_2.1.3-17_i386.deb
          MD5 checksum: c92017b2d71066fb0ffada1090c72863
         http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-pic_2.1.3-17_i386.deb
          MD5 checksum: c4523e2dfa76352db81bb7c3852e52eb
         http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-prof_2.1.3-17_i386.deb
          MD5 checksum: f752ce83bdb45c106a564107727f4ac9
         http://security.debian.org/dists/stable/updates/main/binary-i386/libc6_2.1.3-17_i386.deb
          MD5 checksum: 2e97ae1db914e6bf1bbf9f622668802a
         http://security.debian.org/dists/stable/updates/main/binary-i386/libnss1-compat_2.1.3-17_i386.deb
          MD5 checksum: 80592eeaf265a2fa5e4ec17429bd7a29
         http://security.debian.org/dists/stable/updates/main/binary-i386/locales_2.1.3-17_i386.deb
          MD5 checksum: 95d336a17cbab782802304546b88f252
         http://security.debian.org/dists/stable/updates/main/binary-i386/nscd_2.1.3-17_i386.deb
          MD5 checksum: 3ac365c22541b0322f3f7acd4487362f
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dbg_2.1.3-17_m68k.deb
          MD5 checksum: 73c51ecef6cb349e1c05c94d98b7f08f
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dev_2.1.3-17_m68k.deb
          MD5 checksum: fdb40a30e553dbda2928913e97869dac
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-pic_2.1.3-17_m68k.deb
          MD5 checksum: 4ac47fdd91bb3e74ffb88903f9aa2a2f
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-prof_2.1.3-17_m68k.deb
          MD5 checksum: 1ac2effcfa957fba33364f15a0e6a0ad
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6_2.1.3-17_m68k.deb
          MD5 checksum: 9fa4049d37577c6bf84b6c3b618a3cf7
         http://security.debian.org/dists/stable/updates/main/binary-m68k/libnss1-compat_2.1.3-17_m68k.deb
          MD5 checksum: 09e08e0912fb30238c888aa95f2ea5a2
         http://security.debian.org/dists/stable/updates/main/binary-m68k/locales_2.1.3-17_m68k.deb
          MD5 checksum: 6d4ad26d19cf6309369c59279d243c2f
         http://security.debian.org/dists/stable/updates/main/binary-m68k/nscd_2.1.3-17_m68k.deb
          MD5 checksum: b553448be9a6b872d2c38a606476b154
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dbg_2.1.3-17_powerpc.deb
          MD5 checksum: 7737f33dab4073f2f068675d0290f2e2
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dev_2.1.3-17_powerpc.deb
          MD5 checksum: 018fcbba3194cbf39617c17d769390ac
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-pic_2.1.3-17_powerpc.deb
          MD5 checksum: 301d0bb507a617baeede970249eaad65
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-prof_2.1.3-17_powerpc.deb
          MD5 checksum: 47a36a1dcdcf10b1ff5781f3a433eba7
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6_2.1.3-17_powerpc.deb
          MD5 checksum: 80b640aa7d99456cb0fe394a25a9e36b
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/locales_2.1.3-17_powerpc.deb
          MD5 checksum: 9c44c79bf5c8767e3d144c6b9521b925
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/nscd_2.1.3-17_powerpc.deb
          MD5 checksum: 359dc2ec51ec194da9ad5f7fd808ccc4
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dbg_2.1.3-17_sparc.deb
          MD5 checksum: e63563d43a5e7e016e21c44b80ae530b
         http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dev_2.1.3-17_sparc.deb
          MD5 checksum: 32dd22813fe5db4e77ff9d0bc8df74ca
         http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-pic_2.1.3-17_sparc.deb
          MD5 checksum: 648c72da9cd496f265c8a8426fa47516
         http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-prof_2.1.3-17_sparc.deb
          MD5 checksum: c664c5e1b2fd9d2a3d856130f7750c70
         http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6_2.1.3-17_sparc.deb
          MD5 checksum: 67123f10a4b04251c6922313c70102af
         http://security.debian.org/dists/stable/updates/main/binary-sparc/locales_2.1.3-17_sparc.deb
          MD5 checksum: 895333e421ac054533b2cf3a989d2675
         http://security.debian.org/dists/stable/updates/main/binary-sparc/nscd_2.1.3-17_sparc.deb
          MD5 checksum: 7be597a2a98e985bd2f9cca65049d16f
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main