Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat Linux 6.x RHSA-2000:057-04 Critical: glibc Local Root Exploit

red hat
Calendar Grey September 7, 2000
Dist Redhat Esm H88
Users with standalone accounts could potentially gain elevated access through vulnerabilities in glibc on Red Hat distributions. Corrective patches have been released.

Several bugs were discovered in glibc which could allow local users togain root privileges.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

13785 - Bug in pthreads blocks ability to preempt suspend and resume threads on SMP machines 17203 - glibc-2.1.3-19 breaks Sun and IBM Java 1.3 on SMP 17187 - tcsh broken after glibc upgrade


6. RPMs required:

Red Hat Linux 5.2:

sparc:





alpha:





i386:





sources:


Red Hat Linux 6.2:

sparc:





i386:





alpha:





sparcv9:


sources:


7. Verification:

MD5 sum Package Name d89ceb98bcbcf4713d16fdee7ff7f43e 5.2/SRPMS/glibc-2.0.7-29.4.src.rpm 6ef2b922267041c5d255929bfc98fd64 5.2/alpha/glibc-2.0.7-29.4.alpha.rpm 888f00bface573ffd88e221c6b6f8e2e 5.2/alpha/glibc-debug-2.0.7-29.4.alpha.rpm ebc93b3ee1f685d50a94dcdb28c61cc9 5.2/alpha/glibc-devel-2.0.7-29.4.alpha.rpm e41785070075562b0481df36478d2fc8 5.2/alpha/glibc-profile-2.0.7-29.4.alpha.rpm 2f2113f874194aa3ecc618c4d1ec35aa 5.2/i386/glibc-2.0.7-29.4.i386.rpm 078735dd7907a1ed391018f8768f08a5 5.2/i386/glibc-debug-2.0.7-29.4.i386.rpm 752e9f9c3ebd3a91eb4ee399cc679186 5.2/i386/glibc-devel-2.0.7-29.4.i386.rpm 1ebdf4fdb6f479e735cf8d9b0190e467 5.2/i386/glibc-profile-2.0.7-29.4.i386.rpm f26d7fada3d250389144b235bf1f3627 5.2/sparc/glibc-2.0.7-29.4.sparc.rpm 92f25cc1809d1c87981184848ebc2c92 5.2/sparc/glibc-debug-2.0.7-29.4.sparc.rpm bde3f83247f4975f50a552bdfe1cfe92 5.2/sparc/glibc-devel-2.0.7-29.4.sparc.rpm 7d466b8c454556801502a5193aa90919 5.2/sparc/glibc-profile-2.0.7-29.4.sparc.rpm 951f8018ee585cbae936f5aabc93975a 6.2/SRPMS/glibc-2.1.3-21.src.rpm 71fc519a3af0c780f04957d0fd30e3ef 6.2/alpha/glibc-2.1.3-21.alpha.rpm 0958d288b68b69172e05c818dadde1df 6.2/alpha/glibc-devel-2.1.3-21.alpha.rpm c3f263f06115287996cf835bda6d831c 6.2/alpha/glibc-profile-2.1.3-21.alpha.rpm 628f153cf8159b150cdf5812ecf8a7f1 6.2/alpha/nscd-2.1.3-21.alpha.rpm 2197ca4a7bce75b8f71e776198ea6ad6 6.2/i386/glibc-2.1.3-21.i386.rpm b8cfd8011077f35ae63f589c494166f2 6.2/i386/glibc-devel-2.1.3-21.i386.rpm bed9b0d02fae36d490d3025de74b5e0f 6.2/i386/glibc-profile-2.1.3-21.i386.rpm 26b9ce91af840a7928ac52a32b5fe2c7 6.2/i386/nscd-2.1.3-21.i386.rpm e2d13625c1869c983a917f6867bc351b 6.2/sparc/glibc-2.1.3-21.sparc.rpm 44d151c0f2e99dd6ed69274c1b2b106e 6.2/sparc/glibc-devel-2.1.3-21.sparc.rpm bef08ed72e52b149da48421369561100 6.2/sparc/glibc-profile-2.1.3-21.sparc.rpm 8f5ee1e544b50f84f71eb2c38e1ef2fe 6.2/sparc/nscd-2.1.3-21.sparc.rpm 7fd0aefa79a7546cb944752c545c651f 6.2/sparcv9/glibc-2.1.3-21.sparcv9.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command: rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

Summary

References

Copyright(c) 2000 Red Hat, Inc.

`

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2000:057-04
Issue date: 2000-09-01
Updated on: 2000-09-07
Product: Red Hat Linux
Keywords: glibc ld.so locale LANG gettext LD_PRELOAD threads
Cross references: N/A
:

Topic

Relevant Releases Architectures

Red Hat Linux 5.0 - i386, alpha

Red Hat Linux 5.1 - i386, alpha, sparc

Red Hat Linux 5.2 - i386, alpha, sparc

Red Hat Linux 6.0 - i386, alpha, sparc

Red Hat Linux 6.1 - i386, alpha, sparc, sparcv9

Red Hat Linux 6.2 - i386, alpha, sparc, sparcv9

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here