Slackware Security Advisory: glibc 2.1.3 vulnerabilities patched | Linux Today

Slackware Security Advisory: glibc 2.1.3 vulnerabilities patched

Written By
Web Webster
Web Webster
Sep 6, 2000

Date: Wed, 6 Sep 2000 07:02:35 -0300
From: Nick C. Doyle nick@LOLA.2Y.NET
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [slackware-security]: glibc 2.1.3 vulnerabilities
patched

Three locale-related vulnerabilities with glibc 2.1.3 were
recently reported on BugTraq. These vulnerabilities could allow
local users to gain root access.

Users of Slackware 7.0, 7.1, and -current are strongly urged to
upgrade to the new glibc packages in the -current branch.


glibc 2.1.3 AVAILABLE – (a1/glibcso.tgz, d1/glibc.tgz,
des1/descrypt.tgz)


The three locale-related vulnerabilities with glibc-2.1.3 have
been patched using the CVS glibc patches provided by Solar
Designer.

PACKAGE INFORMATION:


a1/glibcso.tgz:
   This package contains the runtime libraries for glibc 2.1.3.  All
   users of Slackware 7.0 through -current should upgrade this
   package.

d1/glibc.tgz:
   This is the full glibc 2.1.3 package, complete with headers and
   static libraries.  If you had previously installed this package,
   you need to upgrade it.

des1/descrypt.tgz:
   Contains a DES-enabled libcrypt.so library.  If you have this
   package, you need to upgrade it as well.  IMPORTANT:  Be sure to
   upgrade this package *AFTER* glibcso.tgz and glibc.tgz.

WHERE TO FIND THE NEW PACKAGES:


All new packages can be found in the -current branch:


ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/glibcso.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/glibc.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/des1/descrypt.tgz

MD5 SIGNATURES AND CHECKSUMS:


Here are the md5sums and checksums for the packages:

   1119944158 781102 a1/glibcso.tgz
   4150671113 22146158 d1/glibc.tgz
   95989487 95843 des1/descrypt.tgz

0fa3614e6cdee92687c78d84e2587b81 a1/glibcso.tgz
7fafee175cf7acee5d90fd416e92d44b d1/glibc.tgz
3493af0bae0aeea840a464bc53d3b63f des1/descrypt.tgz

INSTALLATION INSTRUCTIONS:


The three packages above need to be upgraded in single user mode
(runlevel 1). Bring the system into runlevel 1:

   # telinit 1

Then upgrade the packages:

   # upgradepkg .tgz

Then bring the system back into multiuser mode:

   # telinit 3

Remember, it’s also a good idea to backup configuration files
before upgrading packages.

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

- Slackware Linux Security Team
http://www.slackware.com 
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.