Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Mandrake Linux Advisory: glibc

Nov 19, 2003, 23:52 (0 Talkback[s])

Mandrake Linux Security Update Advisory


Package name: glibc
Advisory ID: MDKSA-2003:107
Date: November 18th, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2

Problem Description:

A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segementation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application.

The provided packages are patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689


Updated Packages:

Corporate Server 2.1:
a75afbeab6bb0af8312606a5206b649f corporate/2.1/RPMS/glibc-2.2.5-16.3.C21mdk.i586.rpm
0728825f51c3bbdd93c8f2573927c035 corporate/2.1/RPMS/glibc-devel-2.2.5-16.3.C21mdk.i586.rpm
cb76d0a10f88a3194023065888e16a9e corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.3.C21mdk.i586.rpm
904f109cf66575c2eaa8e15a6f1ddee1 corporate/2.1/RPMS/glibc-profile-2.2.5-16.3.C21mdk.i586.rpm
007307c4d8a271f72a97fc97f7303ff5 corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.3.C21mdk.i586.rpm
4c8a57e8fdc3acefb8daa6eeda23ba70 corporate/2.1/RPMS/glibc-utils-2.2.5-16.3.C21mdk.i586.rpm
76efd47f25ba60c9bbc567668a38e4ff corporate/2.1/RPMS/ldconfig-2.2.5-16.3.C21mdk.i586.rpm
efd517e924eb066acd0856bb476f87af corporate/2.1/RPMS/nscd-2.2.5-16.3.C21mdk.i586.rpm
7c062ed74887835eba2f1a50a265b8c9 corporate/2.1/RPMS/timezone-2.2.5-16.3.C21mdk.i586.rpm
61f2d1b5fe0bc03cb0af9ef086c667bb corporate/2.1/SRPMS/glibc-2.2.5-16.3.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
5aae39182bab1d726180953a7cd8d792 x86_64/corporate/2.1/RPMS/glibc-2.2.5-28.1.C21mdk.x86_64.rpm
d3486ac35ba3d078e737be31113475f0 x86_64/corporate/2.1/RPMS/glibc-debug-2.2.5-28.1.C21mdk.x86_64.rpm
939043df28c991d7b37b33fef3d0feb2 x86_64/corporate/2.1/RPMS/glibc-devel-2.2.5-28.1.C21mdk.x86_64.rpm
c1b184cb452e4d60f268a4fc5f48e174 x86_64/corporate/2.1/RPMS/glibc-i18ndata-2.2.5-28.1.C21mdk.x86_64.rpm
f2777101e2778fe7de39673220d7a069 x86_64/corporate/2.1/RPMS/glibc-profile-2.2.5-28.1.C21mdk.x86_64.rpm
b2d191df43537f5f8e2e100b1de072ed x86_64/corporate/2.1/RPMS/glibc-static-devel-2.2.5-28.1.C21mdk.x86_64.rpm
083d9e44ce870e0d0ba2cea4c67963ec x86_64/corporate/2.1/RPMS/glibc-utils-2.2.5-28.1.C21mdk.x86_64.rpm
0e6f3655b336442eb80847d1e2be858a x86_64/corporate/2.1/RPMS/ldconfig-2.2.5-28.1.C21mdk.x86_64.rpm
059c6093ad5916e48a8786211a7ece0a x86_64/corporate/2.1/RPMS/nscd-2.2.5-28.1.C21mdk.x86_64.rpm
e0a23600cbd0ceb7a44fd4e275b4f454 x86_64/corporate/2.1/RPMS/timezone-2.2.5-28.1.C21mdk.x86_64.rpm
c4de027516cfb1c943656f3876c89c44 x86_64/corporate/2.1/SRPMS/glibc-2.2.5-28.1.C21mdk.src.rpm

Mandrake Linux 9.0:
e64b4f099e7cd715c5ff1fc895101821 9.0/RPMS/glibc-2.2.5-16.3.90mdk.i586.rpm
48a4f54fc49c39306a002633ae4495af 9.0/RPMS/glibc-devel-2.2.5-16.3.90mdk.i586.rpm
9db7115962de7c0680ce0de12ea1955c 9.0/RPMS/glibc-i18ndata-2.2.5-16.3.90mdk.i586.rpm
c5fed843eb910c860e3af39e6583e3bb 9.0/RPMS/glibc-profile-2.2.5-16.3.90mdk.i586.rpm
2608fa069dfd563541f018742310d7b0 9.0/RPMS/glibc-static-devel-2.2.5-16.3.90mdk.i586.rpm
101574c95eeb7e8849f9ef0010afdec4 9.0/RPMS/glibc-utils-2.2.5-16.3.90mdk.i586.rpm
9c809b34abce979ef8cc2dea06a4b025 9.0/RPMS/ldconfig-2.2.5-16.3.90mdk.i586.rpm
2b04e51c90b79235ccfe673b123fbb9c 9.0/RPMS/nscd-2.2.5-16.3.90mdk.i586.rpm
386ac1d7f745c8deb1d3346cf86f7b51 9.0/RPMS/timezone-2.2.5-16.3.90mdk.i586.rpm
434a57fb27d0d12337bc579eaf89d1db 9.0/SRPMS/glibc-2.2.5-16.3.90mdk.src.rpm

Mandrake Linux 9.1:
14b04c0c5abfcdeeb7ddcd99dff6f59c 9.1/RPMS/glibc-2.3.1-10.1.91mdk.i586.rpm
db0399ed5e4e5932ccd68eb1d971e918 9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.i586.rpm
55e698783b2f00d56e74a6a0295ddc65 9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.i586.rpm
8d794fa39d989aff297eecddf8f3a89a 9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.i586.rpm
28000c25d34f6b6136092840825009a8 9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.i586.rpm
2fd232922ed61aba14ca2da29948bfa5 9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.i586.rpm
93c16beb43e79147b89d89dc080dcc3c 9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.i586.rpm
dde039c956d163bfd0d58729765acc0d 9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.i586.rpm
c4a00854f69004fdc8875ceae2a23cab 9.1/RPMS/nscd-2.3.1-10.1.91mdk.i586.rpm
e8f5a1eddced3c8e63d2a00236468a0a 9.1/RPMS/timezone-2.3.1-10.1.91mdk.i586.rpm
6c7aa1aae0bc39f4211a3d0d1b9b79fa 9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
bdacbfff4264a72f3106bd323597d668 ppc/9.1/RPMS/glibc-2.3.1-10.1.91mdk.ppc.rpm
1b3c15be2106be26ed3532a372f68e27 ppc/9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.ppc.rpm
5e08d596df7113323ae399c04328c091 ppc/9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.ppc.rpm
4a763d9d65729ae8523b3991561d8cdb ppc/9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.ppc.rpm
5b856ef8b4e1fcba7b6ea4a04c158e87 ppc/9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.ppc.rpm
0f51825ee3c18bcb2feb3a8dd2739f46 ppc/9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.ppc.rpm
111efa86d73c156110a31eaa6bbe9f02 ppc/9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.ppc.rpm
0cfa1714f9ef4e1c62498d08ee5b3042 ppc/9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.ppc.rpm
c961c16bc6eef858083f6e42d5f875c1 ppc/9.1/RPMS/nscd-2.3.1-10.1.91mdk.ppc.rpm
ea602b9406296fc2f198167924ab35cf ppc/9.1/RPMS/timezone-2.3.1-10.1.91mdk.ppc.rpm
6c7aa1aae0bc39f4211a3d0d1b9b79fa ppc/9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm

Multi Network Firewall 8.2:
058bc1cc39d9af370e6334de4d5ca892 mnf8.2/RPMS/glibc-2.2.4-26.3.M82mdk.i586.rpm
b8feb768e9825ed998b46b90094543fd mnf8.2/RPMS/ldconfig-2.2.4-26.3.M82mdk.i586.rpm
be3a063c275d0240395b433aef3a7ea4 mnf8.2/SRPMS/glibc-2.2.4-26.3.M82mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>