
Slackware 13.1: 2010-301-01 critical: glibc local attack risk

October 29, 2010
Recent updates to glibc packages in Slackware have resolved a significant security vulnerability that permitted local exploitation of setuid executables.
New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Summary

Here are the details from the Slackware 13.1 ChangeLog:

patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt.
  Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads."
  This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode.
  Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2010-3856
    https://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded.
  Rebuilt to tzcode2010n and tzdata2010n.

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
Updated packages for Slackware 12.1: ftp://ftp.slackware...


MD5 Signatures


Severity
critical


Installation Instructions

Upgrade the packages as root:

# upgradepkg glibc-*.t?z
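To confirm the upgrade took effect, the following added example (not part of the original advisory or of Slackware's tools) classifies glibc and glibc-solibs package names against the fixed build numbers taken from the package names published with this advisory. It assumes installed-package records live in /var/log/packages; the function names and the PKGDB override are hypothetical.

```shell
#!/bin/sh
# Added example: classify a Slackware glibc package name against the fixed
# builds published with this advisory. Not part of the original advisory.

# fixed_build VERSION TAG: print the first fixed build number, if known.
fixed_build() {
    case "$1$2" in
        2.5_slack12.0)    echo 6  ;;
        2.7_slack12.1)    echo 12 ;;
        2.7_slack12.2)    echo 19 ;;
        2.9_slack13.0)    echo 5  ;;
        2.11.1_slack13.1) echo 5  ;;
        2.12.1)           echo 3  ;;  # -current packages carry no tag
    esac
}

# glibc_status PKG: print fixed, outdated or unknown.
# PKG has the form name-version-arch-build[tag], optionally with a path/.t?z.
glibc_status() {
    pkg=${1##*/}; pkg=${pkg%.t?z}
    build_tag=${pkg##*-}; rest=${pkg%-*}   # build_tag e.g. 5_slack13.1
    rest=${rest%-*}                        # drop the arch field
    version=${rest##*-}; name=${rest%-*}
    build=${build_tag%%_*}; tag=${build_tag#"$build"}
    case "$name" in glibc|glibc-solibs) ;; *) echo unknown; return ;; esac
    case "$build" in ''|*[!0-9]*) echo unknown; return ;; esac
    min=$(fixed_build "$version" "$tag")
    if [ -n "$min" ]; then
        if [ "$build" -ge "$min" ]; then echo fixed; else echo outdated; fi
        return
    fi
    # Assumption: an untagged package of a stable release's glibc version is
    # the original release package, not the patched one from patches/.
    case "$version$tag" in
        2.5|2.7|2.9|2.11.1) echo outdated ;;
        *) echo unknown ;;
    esac
}

# Assumption: installed-package records live in /var/log/packages;
# PKGDB is a hypothetical override for testing on other systems.
check_installed() {
    db=${PKGDB:-/var/log/packages}
    for f in "$db"/glibc-[0-9]* "$db"/glibc-solibs-[0-9]*; do
        if [ -e "$f" ]; then echo "${f##*/}: $(glibc_status "$f")"; fi
    done
}

check_installed
```

Any line reported as outdated means the dynamic linker on that system still predates the fix; unknown means the version is not one this advisory covers.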
