Date: Fri, 11 Jan 2002 17:29:30 -0800 (PST) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security] glibc glob overflow patched A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available. Here's the information from the Slackware 8.0 ChangeLog: Fri Jan 11 14:07:07 PST 2002 patches/packages/glibc.tgz, patches/packages/glibcso.tgz: Fixed a buffer overflow in the glob(3) function. This bug may be exploited through external services that might make use of it, like the port of OpenBSD's FTP server (not included in Slackware, but an example that's known to be affected). It's highly recommended that internet- connected machines or machines with local users who might try to exploit setuid root binaries be upgraded as soon as possible. Thanks to Flávio Veloso and Jakub Jelinek for finding this problem and working out a patch. We urge all Slackware users to upgrade to these new glibc packages as soon as possible. WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated glibc package for Slackware 8.0: Updated glibcso package for Slackware 8.0: MD5 SIGNATURES: --------------- Here are the md5sums for the packages: b01db77386dfcd292018701c68d312d5 glibc.tgz 857ac96829be1b409503ba8ee1e96d63 glibcso.tgz INSTALLATION INSTRUCTIONS: -------------------------- Simply upgrade as root: # upgradepkg glibcso.tgz glibc.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team The Slackware Linux Project
Slackware: 'glibc' glob overflow patched
January 13, 2002
A buffer overflow has been found in the glob(3) function in glibc.Fixed packages for Slackware 8.0 are now available.
Summary
Where Find New Packages
MD5 Signatures
Severity
Date: Fri, 11 Jan 2002 17:29:30 -0800 (PST) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security] glibc glob overflow patched
A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available.
Here's the information from the Slackware 8.0 ChangeLog:
Fri Jan 11 14:07:07 PST 2002 patches/packages/glibc.tgz, patches/packages/glibcso.tgz: Fixed a buffer overflow in the glob(3) function. This bug may be exploited through external services that might make use of it, like the port of OpenBSD's FTP server (not included in Slackware, but an example that's known to be affected). It's highly recommended that internet- connected machines or machines with local users who might try to exploit setuid root binaries be upgraded as soon as possible.
Thanks to Flávio Veloso and Jakub Jelinek for finding this problem and working out a patch.
We urge all Slackware users to upgrade to these new glibc packages as soon as possible.
WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated glibc package for Slackware 8.0:
Updated glibcso package for Slackware 8.0:
MD5 SIGNATURES: ---------------
Here are the md5sums for the packages:
b01db77386dfcd292018701c68d312d5 glibc.tgz 857ac96829be1b409503ba8ee1e96d63 glibcso.tgz
INSTALLATION INSTRUCTIONS: --------------------------
Simply upgrade as root:
# upgradepkg glibcso.tgz glibc.tgz
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team The Slackware Linux Project
Installation Instructions
News
HOWTOs
Features
About Us
Powered By
