Gentoo: 202311-10 High: OpenSSL Critical Vulnerability Alert
gentoo
November 24, 2003
A bug in the getgrouplist function can cause a buffer overflow if the size ofthe group list is too small to hold all the user's groups
Summary
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-05 - - ---------------------------------------------------------------------------
GLSA: 200311-05 package: sys-libs/glibc summary: Glibc getgrouplist buffer overrun vulnerability severity: normal Gentoo bug: 33383 date: 2003-11-22 CVE: CAN-2003-0689 affected: <=2.2.4 fixed:>=2.2.5
DESCRIPTION:
A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application.
SOLUTION:
It is recommended that all Gentoo Linux users update their systems as follows:
emerge sync emerge '>=sys-libs/glibc-2.2.5' emerge clean
...Read the Full Advisory
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Warning: Undefined array key "advisory_info" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3238777_4c9dbbdde36eef04251a4ced7eac4df9 on line 11
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!