Stay Secure with the Latest Linux Advisories

security advisorylocal issueslackware

Slackware: glibc-2.2 Critical Setuid Root Binaries Access Issue

glibc-2.2 contains a local vulnerability that affects all setuid rootbinaries.. glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr. The original BugTraq announcement can be read at the following URL: Users of Slackware -current are strongly urged to upgrade to the new glibc packages in the -current branch. ========================================================================glibc 2.2 AVAILABLE - (a1/glibcso.tgz, d1/glibc.tgz) ======================================================================== PACKAGE INFORMATION: -------------------- a1/glibcso.tgz: This package contains the runtime libraries for glibc 2.2 All users of Slackware -current should upgrade this package. d1/glibc.tgz: This is the full glibc 2.2 package, complete with headers and static libraries. If you had previously installed this package, you need to upgrade it. WHERE TO FIND THE NEW PACKAGES: ------------------------------- All new packages can be found in the -current branch: MD5 SIGNATURES AND CHECKSUMS: ----------------------------- Here are the md5sums and checksums for the packages: 16-bit "sum" checksum: 39060 1054 a1/glibcso.tgz 61562 26779 d1/glibc.tgz 128-bit MD5 message digest: 6ea2e3fecf1a1a970f1e37b7be7c12aa a1/glibcso.tgz 4f1e8ef903f1d0dd675aaf0cc3926177 d1/glibc.tgz INSTALLATION INSTRUCTIONS: -------------------------- It is recommended that the two packages above be upgraded in single user mode (runlevel 1). Bring the system into runlevel 1: # telinit 1 Then upgrade the packages: # upgradepkg .tgz Then bring the system back into multiuser mode: # telinit 3 Remember, it's also a good idea to backupconfiguration files before upgrading packages. - Slackware Linux Security Team The Slackware Linux Project . glibc-2.2 contains a significant vulnerability that affects every setuid root application. Users are urged to promptly upgrade their software packages.. glibc, setuid binaries, local issue. . Severity: Critical. LinuxSecurity.com Team

Jan 11, 2001 •Critical Slackware