--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152848 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152848 2005-09-14 --------------------------------------------------------------------- Name : glibc Versions : rh73: glibc-2.2.5-44.legacy.6 Versions : rh9: glibc-2.3.2-27.9.7.2.legacy Versions : fc1: glibc-2.3.2-101.4.2.legacy Versions : fc2: glibc-2.3.3-27.1.1.legacy Summary : The GNU libc libraries. Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. --------------------------------------------------------------------- Update Information: Updated glibc packages that address several bugs are now available. The GNU libc packages (known as glibc) contain the standard C libraries used by applications. Flaws in the catchsegv and glibcbug scripts were discovered. A local user could utilize these flaws to overwrite files via a symlink attack on temporary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0968 and CAN-2004-1382 to these issues. It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV were not restricted for a setuid program. A local user could utilize this flaw to gain information, such as the list of symbols used by the program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1453 to this issue. Users of glibc are advised to upgrade to these erratum packages that remove the unecessary glibcbug script and contain backported patches to correct these other issues. --------------------------------------------------------------------- Changelogs rh73: * Mon Aug 15 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.2.4-44.legacy.6 - fix i686 build issue (a couple of misplaced extra %patch lines) * Sun May 01 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.2.4-44.legacy.5 - add glibc-2.2.4-nscd-hstcache.patch to fix gethostbyaddr/gethostbyname caching issues, #156048. Patch from RHEL21. * Sat Apr 30 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.2.4-44.legacy.4 - fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848) rh9: * Sat Apr 30 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.3.2-27.9.7.1.legacy - fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848) - Unbreak IPv6 reverse lookups, broken by errata 2.3.2-27.9.2 fc1: * Sat Apr 30 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.3.2-101.4.1.legacy - fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848) - Unbreak IPv6 reverse lookups, broken by errata 2.3.2-27.9.2 fc2: * Wed Jul 20 2005 Pekka Savola <pekkas@xxxxxxxxxx> 2.3.3-27.1.1.legacy - Fix LD_DEBUG leak (CAN-2004-1453), #152848 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 76bcec5fdd862df2fffaeeaeacbfcd8c53dd6a28 redhat/7.3/updates-testing/i386/glibc-2.2.5-44.legacy.6.i386.rpm 79dd43763e464959889867bb5f28c0935d31e401 redhat/7.3/updates-testing/i386/glibc-2.2.5-44.legacy.6.i686.rpm f83509fe544e517cfa5f40829b2921155eed6930 redhat/7.3/updates-testing/i386/glibc-common-2.2.5-44.legacy.6.i386.rpm a4065db0ddfcec1a95dade4756b7af76da487059 redhat/7.3/updates-testing/i386/glibc-debug-2.2.5-44.legacy.6.i386.rpm a88e249e0747927d7b0607f24202f4772c2f5f51 redhat/7.3/updates-testing/i386/glibc-debug-2.2.5-44.legacy.6.i686.rpm bbd6858e1409960769b945af03f13e0732b35ec2 redhat/7.3/updates-testing/i386/glibc-debug-static-2.2.5-44.legacy.6.i386.rpm 4f76f3f2267edb91ac130ad18942b34741314914 redhat/7.3/updates-testing/i386/glibc-devel-2.2.5-44.legacy.6.i386.rpm 3996fc2d6e306a127d03d468bde83e821b6ca2f9 redhat/7.3/updates-testing/i386/glibc-profile-2.2.5-44.legacy.6.i386.rpm 2916fbe09c40b3961add814aaebda7e651799342 redhat/7.3/updates-testing/i386/glibc-utils-2.2.5-44.legacy.6.i386.rpm 2250cf7ccb19268cc5b103d17512f877a1e9756d redhat/7.3/updates-testing/i386/nscd-2.2.5-44.legacy.6.i386.rpm d3178ba384c31d0e4b53b7c79f8c1f3d4f2e63c2 redhat/7.3/updates-testing/SRPMS/glibc-2.2.5-44.legacy.6.src.rpm rh9: 6b01d43cc41177a83c765862be0e3802df307c61 redhat/9/updates-testing/i386/glibc-2.3.2-27.9.7.2.legacy.i386.rpm b4c28abc5d318f53f22772bc069665adc4f9d5f3 redhat/9/updates-testing/i386/glibc-2.3.2-27.9.7.2.legacy.i686.rpm 8ea462b77d16513f0623409219cb297fa95fe6ba redhat/9/updates-testing/i386/glibc-common-2.3.2-27.9.7.2.legacy.i386.rpm 94c1f526eed545959a9b60ac79deef88c0c5c9a0 redhat/9/updates-testing/i386/glibc-debug-2.3.2-27.9.7.2.legacy.i386.rpm b8fe3480b249761c468d4019c3b9ac0358068475 redhat/9/updates-testing/i386/glibc-devel-2.3.2-27.9.7.2.legacy.i386.rpm a01030615e5b874b4225e9cad4e1c9ccc2f4bb33 redhat/9/updates-testing/i386/glibc-profile-2.3.2-27.9.7.2.legacy.i386.rpm d20ce4f39ed7ffc6c8cb81c8a84b229a2158d81e redhat/9/updates-testing/i386/glibc-utils-2.3.2-27.9.7.2.legacy.i386.rpm e20b1e22cfbc1c0eed675b6b6d99ca8d0213f725 redhat/9/updates-testing/i386/nptl-devel-2.3.2-27.9.7.2.legacy.i686.rpm 8684b6e78d7230f8708e5e2a016264baf6ab7ac7 redhat/9/updates-testing/i386/nscd-2.3.2-27.9.7.2.legacy.i386.rpm 5afb7ec9ec9f9b3bb36d372104ec647d7c6d9ebb redhat/9/updates-testing/SRPMS/glibc-2.3.2-27.9.7.2.legacy.src.rpm fc1: ef743504f28c797cd9a807dd8a769a837eda8525 fedora/1/updates-testing/i386/glibc-2.3.2-101.4.2.legacy.i386.rpm c3dd3abcc811671d63f6033e3ed3ee9806ad0f93 fedora/1/updates-testing/i386/glibc-2.3.2-101.4.2.legacy.i686.rpm cf814c1e573db45e76b63bce49b40876fdd42e28 fedora/1/updates-testing/i386/glibc-common-2.3.2-101.4.2.legacy.i386.rpm 4af7cb248abe614adace704520ab969717d8056b fedora/1/updates-testing/i386/glibc-debug-2.3.2-101.4.2.legacy.i386.rpm 00809ff8abcf096091592e065dbc859a1fc413bd fedora/1/updates-testing/i386/glibc-devel-2.3.2-101.4.2.legacy.i386.rpm 8417a8697d7929e866cd48be44bcd4e9b29ef8a2 fedora/1/updates-testing/i386/glibc-headers-2.3.2-101.4.2.legacy.i386.rpm 309bb357b23d00d858b73a132af556862ce735fc fedora/1/updates-testing/i386/glibc-profile-2.3.2-101.4.2.legacy.i386.rpm c7add2f20742acab29c47ec7f42bc789d6111aec fedora/1/updates-testing/i386/glibc-utils-2.3.2-101.4.2.legacy.i386.rpm 5108e73e4fce7fda4c383a5f4a360a2ec3632a4e fedora/1/updates-testing/i386/nptl-devel-2.3.2-101.4.2.legacy.i686.rpm ca70e82a96ad014145357feb9b8b3222314afd7e fedora/1/updates-testing/i386/nscd-2.3.2-101.4.2.legacy.i386.rpm 30cec9b26bb5341afbb6b7698b3c092e395acb65 fedora/1/updates-testing/SRPMS/glibc-2.3.2-101.4.2.legacy.src.rpm fc2: 9ea2cf3d307635ed6be265077ec9594d73030c71 fedora/2/updates-testing/i386/glibc-2.3.3-27.1.1.legacy.i386.rpm 120833cba0615427157a51f69a6e73403f788667 fedora/2/updates-testing/i386/glibc-2.3.3-27.1.1.legacy.i686.rpm d3c27007cab83e778ba7ba5c752077b865c7d618 fedora/2/updates-testing/i386/glibc-common-2.3.3-27.1.1.legacy.i386.rpm ccc5d22e66a7c435b0e1008704ee16856e4717ec fedora/2/updates-testing/i386/glibc-devel-2.3.3-27.1.1.legacy.i386.rpm b11bd48eee48b1b2fd6cc9d52bbbc01247533bb0 fedora/2/updates-testing/i386/glibc-headers-2.3.3-27.1.1.legacy.i386.rpm 2a3c79e2f428742dfef1f15a1bbc64a80c48491e fedora/2/updates-testing/i386/glibc-profile-2.3.3-27.1.1.legacy.i386.rpm 081977a5f9cd0812cd1db6230ff51782d17c83e0 fedora/2/updates-testing/i386/glibc-utils-2.3.3-27.1.1.legacy.i386.rpm be2cc7c357c799a8ad8288e3c99d9c53ea89692e fedora/2/updates-testing/i386/nptl-devel-2.3.3-27.1.1.legacy.i686.rpm d1a9e1c189d58b74a318dd1908cf6b9c0202ac9b fedora/2/updates-testing/i386/nscd-2.3.3-27.1.1.legacy.i386.rpm baafd5d75a788cc578f24fb83280052f3b8422db fedora/2/updates-testing/SRPMS/glibc-2.3.3-27.1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
