Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Gentoo: 200311-05 Normal: Glibc Buffer Overflow in User Applications

gentoo
Calendar Grey November 24, 2003
Dist Gentoo Esm H88
Upgrade your Gentoo installations to mitigate the glibc getgrouplist buffer overflow vulnerability that poses a threat to user programs.
A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200311-05 - - ---------------------------------------------------------------------------
GLSA: 200311-05 package: sys-libs/glibc summary: Glibc getgrouplist buffer overrun vulnerability severity: normal Gentoo bug: 33383 date: 2003-11-22 CVE: CAN-2003-0689 affected: <=2.2.4 fixed: >=2.2.5
DESCRIPTION:

A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application.

SOLUTION:

It is recommended that all Gentoo Linux users update their systems as follows:
emerge sync emerge '>=sys-libs/glibc-2.2.5' emerg...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround