|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] glibc glob overflow patched
Date: Fri, 11 Jan 2002 17:29:30 -0800 (PST) |
|
A buffer overflow has been found in the glob(3) function in glibc.
Fixed packages for Slackware 8.0 are now available.
Here's the information from the Slackware 8.0 ChangeLog:
Fri Jan 11 14:07:07 PST 2002
patches/packages/glibc.tgz, patches/packages/glibcso.tgz:
Fixed a buffer overflow in the glob(3) function. This bug may be
exploited through external services that might make use of it, like the
port of OpenBSD's FTP server (not included in Slackware, but an example
that's known to be affected). It's highly recommended that internet-
connected machines or machines with local users who might try to exploit
setuid root binaries be upgraded as soon as possible.
Thanks to Flávio Veloso and Jakub Jelinek for finding this problem and
working out a patch.
We urge all Slackware users to upgrade to these new glibc packages as soon
as possible.
WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated glibc package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/glibc.tgz
Updated glibcso package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/glibcso.tgz
MD5 SIGNATURES:
---------------
Here are the md5sums for the packages:
b01db77386dfcd292018701c68d312d5 glibc.tgz
857ac96829be1b409503ba8ee1e96d63 glibcso.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
Simply upgrade as root:
# upgradepkg glibcso.tgz glibc.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
|
| |