Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat 7.0 Advisory RHSA-2001:001-05 Critical: glibc Local Access Risk

red hat
Calendar Grey January 11, 2001
Dist Redhat Esm H88
Warning of a critical glibc flaw allowing unauthorized file access by non-privileged users due to misconfiguration.
Because of a typo in glibc source RESOLV_HOST_CONF and RES_OPTIONS variables were not removed from environment for SUID/SGID programs.

Solution

Pick packages for your architecture and run:

rpm -Uvh glibc-[2c]* rpm -Fvh glibc-[dp]* nscd-*

5. Bug IDs fixed ( for more info):

18332 - internet programs leave too many connections open 23562 - RESOLV_HOST_CONF can be used to read privileged files 23176 - "forgot to set AF_INET in udp sendmsg" caused by pmap_clnt.c bug 22932 - oracle 8.1.6 installer crashes with glibc-2.2-9.i686.rpm 23012 - RH7 update to glibc 2.2 breaks IBM Java 1.1.8 JDK 22913 - gcc -traditional error on stdio.h 22908 - in glibc-devel-2.2-9 cpp warning 22494 - glibc-2.2-9

6. RPMs required:

Red Hat Linux 7.0:

SRPMS:


alpha:







alphaev6:


i386:






i686:


7. Verification:

MD5 sum Package Name 506da6896f83e3732593bce0debee447 7.0/SRPMS/glibc-2.2-12.src.rpm 8866d4ce4920f300bc8cbba8f0b3a2b1 7.0/i686/glibc-2.2-12.i686.rpm d56ba6b8f82c92b9a872e7ee94c706a9 7.0/i386/nscd-2.2-12.i386.rpm 9891a9d1967be619ca74a1de5d0b1f63 7.0/i386/glibc-profile-2.2-12.i386.rpm 0d0bc7d1cd31c548e474146a7cdfea51 7.0/i386/glibc-devel-2.2-12.i386.rpm b1218c0c2b6f5bd1e161c3158d0418a5 7.0/i386/glibc-common-2.2-12.i386.rpm 91b935bfb0d5fb43394d8557fe754bb4 7.0/i386/glibc-2.2-12.i386.rpm 0cc49503ab78251a7dc02dd70bf20d12 7.0/alphaev6/glibc-2.2-12.alphaev6.rpm 8cf8b2b5c90767e13d1e6a1a210fbdee 7.0/alpha/nscd-2.2-12.alpha.rpm 2aacc6a21da21fdf6a2d3adb8e13074f 7.0/alpha/glibc-profile-2.2-12.alpha.rpm 8b5cf54c20038f7acc08194702225fff 7.0/alpha/glibc-devel-2.2-12.alpha.rpm b5ed7c074ef027b7e4df68b119aa21dc 7.0/alpha/glibc-common-2.2-12.alpha.rpm c62b091dfacc14bcd7b1a19c2b22f34d 7.0/alpha/glibc-2.2-12.alpha.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2001:001-05
Issue date: 2001-01-11
Updated on: 2001-01-11
Product: Red Hat Linux
Keywords: glibc RESOLV_HOST_CONF LD_PRELOAD
Cross references:
Obsoletes:

Topic

Relevant Releases Architectures

Red Hat Linux 7.0 - alpha, alphaev6, i386, i686

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here