Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] glibc (SSA:2010-301-01)
Date: Thu, 28 Oct 2010 21:49:56 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  glibc (SSA:2010-301-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
  Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs
  during setuid loads."  This security issue allows a local attacker to
  gain root by specifying an unsafe DSO in the library search path to be
  used with a setuid binary in LD_AUDIT mode.
  Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
    http://seclists.org/fulldisclosure/2010/Oct/344
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz:  Upgraded.
  (* Security fix *)
patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz:  Upgraded.
  Rebuilt to tzcode2010n and tzdata2010n.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-6_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-12_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-19_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-5_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-3.txz


MD5 signatures:
+-------------+

Slackware 12.0 packages:
8d468bef0a3b50325d77ab996b5a9d9a  glibc-2.5-i486-6_slack12.0.tgz
b01d3fecfd3ed105c5c141a3dc7af401  glibc-i18n-2.5-noarch-6_slack12.0.tgz
caf14c4ad8e444000220bc7cc256c495  glibc-profile-2.5-i486-6_slack12.0.tgz
451af23d75820fac2d4bb431b5830b85  glibc-solibs-2.5-i486-6_slack12.0.tgz
119d0d794a46f94bc17f83f0ac06a3d3  glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz

Slackware 12.1 packages:
ccc6cad27bc0fb344656cde9a13b38ba  glibc-2.7-i486-12_slack12.1.tgz
5d898df2a09262f7257d3eda50a57d68  glibc-i18n-2.7-noarch-12_slack12.1.tgz
068a14a920b5081cb70d83d9b0f84241  glibc-profile-2.7-i486-12_slack12.1.tgz
84cb8ee27e6f839c9d0c5f6817ad8730  glibc-solibs-2.7-i486-12_slack12.1.tgz
59355d9135e1c63a47cefb8b1913a482  glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz

Slackware 12.2 packages:
92731f67629c32a3944568e5e45f7eea  glibc-2.7-i486-19_slack12.2.tgz
0186435a93d1b21d9b8583698141eac6  glibc-i18n-2.7-noarch-19_slack12.2.tgz
75b2c8928bfcee081eaa2e24b80ba9c3  glibc-profile-2.7-i486-19_slack12.2.tgz
3fb2a406f8625e307a455d9c8ecc8589  glibc-solibs-2.7-i486-19_slack12.2.tgz
e5b641e76bd83f1b78d15918e37861b3  glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz

Slackware 13.0 packages:
1db19f0d2e560237d7e7b563edac1717  glibc-2.9-i486-5_slack13.0.txz
605c3e4727111314a3b352c1043e3c70  glibc-i18n-2.9-i486-5_slack13.0.txz
3846ded61e77d33d2b6d2b09a2c8a9e8  glibc-profile-2.9-i486-5_slack13.0.txz
766f590fa9f9afac74a3395464d563f5  glibc-solibs-2.9-i486-5_slack13.0.txz
4726810af74ad4fadf06a6ff804a0c28  glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Slackware x86_64 13.0 packages:
909942f6df189166b39fb5b6e3781731  glibc-2.9-x86_64-5_slack13.0.txz
ee4e1d3994bf63d7aeea7fcc4fd26d12  glibc-i18n-2.9-x86_64-5_slack13.0.txz
6602482f69059373ac0831c669d53acf  glibc-profile-2.9-x86_64-5_slack13.0.txz
281ab0a7b97cc848f508c33339932eac  glibc-solibs-2.9-x86_64-5_slack13.0.txz
df641f4c6bd461b6e0d7f517829081ba  glibc-zoneinfo-2.9-noarch-5_slack13.0.txz

Slackware 13.1 packages:
6527a72a8454bf4bdb310e02e0da83b1  glibc-2.11.1-i486-5_slack13.1.txz
c4a2ebb19582db01f411dc1ff48b5b73  glibc-i18n-2.11.1-i486-5_slack13.1.txz
626a6183a927a5afc71997f40c6385d3  glibc-profile-2.11.1-i486-5_slack13.1.txz
15b9ca16b5f61f819c3da72f9e5e3c99  glibc-solibs-2.11.1-i486-5_slack13.1.txz
f118773d1bb266378f80b4cb2c5287b2  glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Slackware x86_64 13.1 packages:
037e2ccd9a3696db1203f4067e375cf4  glibc-2.11.1-x86_64-5_slack13.1.txz
13a43ca43e61861a581181f59a6ec62f  glibc-i18n-2.11.1-x86_64-5_slack13.1.txz
1898b8bde310da6bbf2147e789e67200  glibc-profile-2.11.1-x86_64-5_slack13.1.txz
a0914b17959f521cc6b93218735c8a48  glibc-solibs-2.11.1-x86_64-5_slack13.1.txz
3f5621fbe482cbc287155400c5012f84  glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz

Slackware -current packages:
0ed6d0e2079be5d275455739cdaf0549  a/glibc-solibs-2.12.1-i486-3.txz
b23dbc1e4ba31fd6827fd51012da7d6d  a/glibc-zoneinfo-2.12.1-noarch-3.txz
3ea2bf3794eec46fc8870699277725b6  l/glibc-2.12.1-i486-3.txz
d0afd8e838dbe00ae12b0e04e8f025d2  l/glibc-i18n-2.12.1-i486-3.txz
f919fe010cfcb28eb5de849028894d4a  l/glibc-profile-2.12.1-i486-3.txz

Slackware x86_64 -current packages:
b068c1e12d49d1cf968db8fffdf1f4a4  a/glibc-solibs-2.12.1-x86_64-3.txz
87c200831200e3e626a1a068167041fd  a/glibc-zoneinfo-2.12.1-noarch-3.txz
12fe9ab9e109c162e93215a4995478cd  l/glibc-2.12.1-x86_64-3.txz
bc676d8921404ee9fd520137f60d7d3f  l/glibc-i18n-2.12.1-x86_64-3.txz
44bb2cf6ecde7a6bcf49a69ca62254ff  l/glibc-profile-2.12.1-x86_64-3.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzKUkYACgkQakRjwEAQIjNjXQCffi+R3vSqymq/bqyhvf6xImKc
SWEAnR8eZeWo6OjI6y5UJFb+7twuQhU0
=7rrE
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.