Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] glibc (SSA:2012-244-01)
Date: Fri, 31 Aug 2012 11:37:01 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  glibc (SSA:2012-244-01)

New glibc packages are available for Slackware 13.1, 13.37, and -current to
fix security issues.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/glibc-2.13-i486-6_slack13.37.txz:  Rebuilt.
  Patched multiple integer overflows in the strtod, strtof, strtold, and
  strtod_l functions in stdlib in the GNU C Library allow local users to
  cause a denial of service (application crash) and possibly execute
  arbitrary code via a long string, which triggers a stack-based buffer
  overflow.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480
  (* Security fix *)
patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-7_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-6_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.15-i486-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.15-i486-6.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.15-x86_64-6.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.15-x86_64-6.txz


MD5 signatures:
+-------------+

Slackware 13.1 packages:
edd13967ed3d8dec440a89ee5289fbca  glibc-2.11.1-i486-7_slack13.1.txz
6f32d223d76deeb7b9f3a21922bd01b5  glibc-i18n-2.11.1-i486-7_slack13.1.txz
a0e1250d433bbb79a3ba08b9c7d71e51  glibc-profile-2.11.1-i486-7_slack13.1.txz
864ca9b87dfb11785128133cfea320db  glibc-solibs-2.11.1-i486-7_slack13.1.txz
f7561370aae626dca40bbbdfd51dfda9  glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Slackware x86_64 13.1 packages:
fc12fd088f1e537258650875fec86438  glibc-2.11.1-x86_64-7_slack13.1.txz
7a7e5b5303ae013201d80ace00ef2bd7  glibc-i18n-2.11.1-x86_64-7_slack13.1.txz
fd15e380056b751d633a9d5f68cb2203  glibc-profile-2.11.1-x86_64-7_slack13.1.txz
b5b6dc3c09d53622098ea9d24dc7072e  glibc-solibs-2.11.1-x86_64-7_slack13.1.txz
f0697995c80b6e636b77336d68095826  glibc-zoneinfo-2.11.1-noarch-7_slack13.1.txz

Slackware 13.37 packages:
981ea852e4a84e52581eb8552a0d560d  glibc-2.13-i486-6_slack13.37.txz
db61d214708227d74794dce0bf20e413  glibc-i18n-2.13-i486-6_slack13.37.txz
58a459cbe063222332efd9f206d6debc  glibc-profile-2.13-i486-6_slack13.37.txz
0608e56b8e2505dede8788929b3f3e6c  glibc-solibs-2.13-i486-6_slack13.37.txz
c054e6efb42b94da65a808d435992307  glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Slackware x86_64 13.37 packages:
683c0976cf447451f70ad89e938b9777  glibc-2.13-x86_64-6_slack13.37.txz
a1fd86ad6c472f6de29f20ae75af0f5a  glibc-i18n-2.13-x86_64-6_slack13.37.txz
7e1400cb7a85ac091ab481d3df724b85  glibc-profile-2.13-x86_64-6_slack13.37.txz
b14d793b43de47999ceec4013671d939  glibc-solibs-2.13-x86_64-6_slack13.37.txz
04f95620164ab72f4b3739881ce95adb  glibc-zoneinfo-2.13-noarch-6_slack13.37.txz

Slackware -current packages:
a3cd88ff0d0dcacfa43c0003afddc7a8  a/glibc-solibs-2.15-i486-6.txz
b8fd7fab60bcd4b3e72c75b41f2a1463  a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
98bb23242f559cad59f4e3bd7b7ab63f  l/glibc-2.15-i486-6.txz
d2768f1d5d17a66288d6f6d5525fade0  l/glibc-i18n-2.15-i486-6.txz
8f909602ea32f81950731bcef6a28533  l/glibc-profile-2.15-i486-6.txz

Slackware x86_64 -current packages:
538e100455adc41cf41db73cdbe51685  a/glibc-solibs-2.15-x86_64-6.txz
3dbcddbdc4972049e633c588f3fbf182  a/glibc-zoneinfo-2012e_2012e-noarch-6.txz
e2801fdd45ea6d26a7f3b28111c1ea45  l/glibc-2.15-x86_64-6.txz
fc500389aecef3bbbd574f83fe564ddc  l/glibc-i18n-2.15-x86_64-6.txz
eb2968f0e1fa932d79c4d32c546ae101  l/glibc-profile-2.15-x86_64-6.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBA9w4ACgkQakRjwEAQIjNGawCdEXkb6UuW89udSzwoGFQllH+q
1pwAniNvIcUIis+WXyqE2dLT5EvhNx9R
=Ytot
-----END PGP SIGNATURE-----

Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.