Slackware: 2010-295-01 Critical: Glibc Local Escalation Attack

October 22, 2010
Updated glibc packages have been released for Slackware to mitigate a severe local exploitation threat associated with setuid executables.
New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Summary

Here are the details from the Slackware 13.1 ChangeLog:

patches/packages/glibc-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
  Patched "dynamic linker expands $ORIGIN in setuid library search path".
  This security issue allows a local attacker to gain root if they can create
  a hard link to a setuid root binary.  Thanks to Tavis Ormandy.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2010-3847
    https://seclists.org/fulldisclosure/2010/Oct/257
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz:  Rebuilt.
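
The ChangeLog entry ties the issue to hard links to setuid root binaries. The script below is an added example, not part of the Slackware advisory: it lists setuid files whose link count is above 1 and shows every name of each such inode so unexpected extra names can be reviewed. It assumes GNU findutils (for -printf); the function names and the AUDIT_DIR variable are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list setuid files with extra hard links.
# Assumes GNU findutils for -printf; function names and AUDIT_DIR are illustrative.

# list_linked_setuid DIR
# One line per match: "<inode> <link-count> <owner> <path>". Matches are regular
# files under DIR with the setuid bit set and a link count above 1. -xdev keeps
# the walk on DIR's filesystem, since hard links cannot cross filesystems.
list_linked_setuid() {
    find "$1" -xdev -type f -perm -4000 -links +1 \
        -printf '%i %n %u %p\n' 2>/dev/null | sort -n
}

# names_for_inode DIR INODE
# Every path under DIR (same filesystem) that refers to INODE.
names_for_inode() {
    find "$1" -xdev -inum "$2" -print 2>/dev/null | sort
}

# audit_setuid_links DIR
# Prints each affected inode once, followed by all of its names. Returns 1 when
# anything was found, so the function can gate a cron job or a build step.
audit_setuid_links() {
    found=0
    seen=""
    while read -r inode links owner path; do
        [ -n "$inode" ] || continue                      # empty result set
        case " $seen " in *" $inode "*) continue ;; esac # inode already reported
        seen="$seen $inode"
        found=1
        echo "inode $inode owner=$owner links=$links"
        names_for_inode "$1" "$inode" | sed 's/^/    /'
    done <<EOF
$(list_linked_setuid "$1")
EOF
    return "$found"
}

# Run as root so every directory is readable, e.g.: AUDIT_DIR=/ sh audit.sh
if [ -n "${AUDIT_DIR:-}" ]; then
    audit_setuid_links "$AUDIT_DIR"
fi
```

A package may legitimately ship two names for one setuid binary; names that sit in directories unprivileged users can write to are the ones to investigate.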

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.0:
Updated packages for Slackware 12.1:
Updated packages for Slackware 12.2:
Updated packages for Slackware 13.0:
Updated packages for Slackware x86_64 13.0:
Updated packages for Slackware 13.1:
Updated packages for Slackware x86_64 13.1:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 Signatures


Severity
critical

Installation Instructions

Upgrade the packages as root:

# upgradepkg glibc-*.t?z
