From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] glibc (SSA:2010-301-01)
Date: Thu, 28 Oct 2010 21:49:56 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] glibc (SSA:2010-301-01)
New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.
Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt.
Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads." This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded.
(* Security fix *)
patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded.
Rebuilt to tzcode2010n and tzdata2010n.
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz
Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-3.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-3.txz
MD5 signatures:
+-------------+
Slackware 12.0 packages:
8d468bef0a3b50325d77ab996b5a9d9a glibc-2.5-i486-6_slack12.0.tgz
b01d3fecfd3ed105c5c141a3dc7af401 glibc-i18n-2.5-noarch-6_slack12.0.tgz
caf14c4ad8e444000220bc7cc256c495 glibc-profile-2.5-i486-6_slack12.0.tgz
451af23d75820fac2d4bb431b5830b85 glibc-solibs-2.5-i486-6_slack12.0.tgz
119d0d794a46f94bc17f83f0ac06a3d3 glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz
Slackware 12.1 packages:
ccc6cad27bc0fb344656cde9a13b38ba glibc-2.7-i486-12_slack12.1.tgz
5d898df2a09262f7257d3eda50a57d68 glibc-i18n-2.7-noarch-12_slack12.1.tgz
068a14a920b5081cb70d83d9b0f84241 glibc-profile-2.7-i486-12_slack12.1.tgz
84cb8ee27e6f839c9d0c5f6817ad8730 glibc-solibs-2.7-i486-12_slack12.1.tgz
n59355d9135e1c63a47cefb8b1913a482 glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz
Slackware 12.2 packages:
92731f67629c32a3944568e5e45f7eea glibc-2.7-i486-19_slack12.2.tgz
0186435a93d1b21d9b8583698141eac6 glibc-i18n-2.7-noarch-19_slack12.2.tgz
75b2c8928bfcee081eaa2e24b80ba9c3 glibc-profile-2.7-i486-19_slack12.2.tgz
3fb2a406f8625e307a455d9c8ecc8589 glibc-solibs-2.7-i486-19_slack12.2.tgz
e5b641e76bd83f1b78d15918e37861b3 glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz
Slackware 13.0 packages:
1db19f0d2e560237d7e7b563edac1717 glibc-2.9-i486-5_slack13.0.txz
605c3e4727111314a3b352c1043e3c70 glibc-i18n-2.9-i486-5_slack13.0.txz
3846ded61e77d33d2b6d2b09a2c8a9e8 glibc-profile-2.9-i486-5_slack13.0.txz
766f590fa9f9afac74a3395464d563f5 glibc-solibs-2.9-i486-5_slack13.0.txz
4726810af74ad4fadf06a6ff804a0c28 glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Slackware x86_64 13.0 packages:
909942f6df189166b39fb5b6e3781731 glibc-2.9-x86_64-5_slack13.0.txz
ee4e1d3994bf63d7aeea7fcc4fd26d12 glibc-i18n-2.9-x86_64-5_slack13.0.txz
6602482f69059373ac0831c669d53acf glibc-profile-2.9-x86_64-5_slack13.0.txz
281ab0a7b97cc848f508c33339932eac glibc-solibs-2.9-x86_64-5_slack13.0.txz
df641f4c6bd461b6e0d7f517829081ba glibc-zoneinfo-2.9-noarch-5_slack13.0.txz
Slackware 13.1 packages:
6527a72a8454bf4bdb310e02e0da83b1 glibc-2.11.1-i486-5_slack13.1.txz
c4a2ebb19582db01f411dc1ff48b5b73 glibc-i18n-2.11.1-i486-5_slack13.1.txz
626a6183a927a5afc71997f40c6385d3 glibc-profile-2.11.1-i486-5_slack13.1.txz
15b9ca16b5f61f819c3da72f9e5e3c99 glibc-solibs-2.11.1-i486-5_slack13.1.txz
f118773d1bb266378f80b4cb2c5287b2 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Slackware x86_64 13.1 packages:
037e2ccd9a3696db1203f4067e375cf4 glibc-2.11.1-x86_64-5_slack13.1.txz
13a43ca43e61861a581181f59a6ec62f glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
1898b8bde310da6bbf2147e789e67200 glibc-profile-2.11.1-x86_64-5_slack13.1.txz
a0914b17959f521cc6b93218735c8a48 glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
3f5621fbe482cbc287155400c5012f84 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz
Slackware -current packages:
0ed6d0e2079be5d275455739cdaf0549 a/glibc-solibs-2.12.1-i486-3.txz
b23dbc1e4ba31fd6827fd51012da7d6d a/glibc-zoneinfo-2.12.1-noarch-3.txz
3ea2bf3794eec46fc8870699277725b6 l/glibc-2.12.1-i486-3.txz
d0afd8e838dbe00ae12b0e04e8f025d2 l/glibc-i18n-2.12.1-i486-3.txz
f919fe010cfcb28eb5de849028894d4a l/glibc-profile-2.12.1-i486-3.txz
Slackware x86_64 -current packages:
b068c1e12d49d1cf968db8fffdf1f4a4 a/glibc-solibs-2.12.1-x86_64-3.txz
87c200831200e3e626a1a068167041fd a/glibc-zoneinfo-2.12.1-noarch-3.txz
12fe9ab9e109c162e93215a4995478cd l/glibc-2.12.1-x86_64-3.txz
bc676d8921404ee9fd520137f60d7d3f l/glibc-i18n-2.12.1-x86_64-3.txz
44bb2cf6ecde7a6bcf49a69ca62254ff l/glibc-profile-2.12.1-x86_64-3.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg glibc-*.t?z
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzKUkYACgkQakRjwEAQIjNjXQCffi+R3vSqymq/bqyhvf6xImKc
SWEAnR8eZeWo6OjI6y5UJFb+7twuQhU0
=7rrE
-----END PGP SIGNATURE-----