| |||||||||||||||||||
Slackware alert SSA:2010-301-01 (glibc)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] glibc (SSA:2010-301-01) New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt. Patched "The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads." This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856 http://seclists.org/fulldisclosure/2010/Oct/344 (* Security fix *) patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded. (* Security fix *) patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n. +--------------------------+ Where to find the new packages: +-----------------------------+ HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patc... Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc... Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc... Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc... Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa... Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc... Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa... ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa... Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current... ftp://ftp.slackware.com/pub/slackware/slackware64-current... ftp://ftp.slackware.com/pub/slackware/slackware64-current... ftp://ftp.slackware.com/pub/slackware/slackware64-current... ftp://ftp.slackware.com/pub/slackware/slackware64-current... MD5 signatures: +-------------+ Slackware 12.0 packages: 8d468bef0a3b50325d77ab996b5a9d9a glibc-2.5-i486-6_slack12.0.tgz b01d3fecfd3ed105c5c141a3dc7af401 glibc-i18n-2.5-noarch-6_slack12.0.tgz caf14c4ad8e444000220bc7cc256c495 glibc-profile-2.5-i486-6_slack12.0.tgz 451af23d75820fac2d4bb431b5830b85 glibc-solibs-2.5-i486-6_slack12.0.tgz 119d0d794a46f94bc17f83f0ac06a3d3 glibc-zoneinfo-2.5-noarch-9_slack12.0.tgz Slackware 12.1 packages: ccc6cad27bc0fb344656cde9a13b38ba glibc-2.7-i486-12_slack12.1.tgz 5d898df2a09262f7257d3eda50a57d68 glibc-i18n-2.7-noarch-12_slack12.1.tgz 068a14a920b5081cb70d83d9b0f84241 glibc-profile-2.7-i486-12_slack12.1.tgz 84cb8ee27e6f839c9d0c5f6817ad8730 glibc-solibs-2.7-i486-12_slack12.1.tgz 59355d9135e1c63a47cefb8b1913a482 glibc-zoneinfo-2.7-noarch-12_slack12.0.tgz Slackware 12.2 packages: 92731f67629c32a3944568e5e45f7eea glibc-2.7-i486-19_slack12.2.tgz 0186435a93d1b21d9b8583698141eac6 glibc-i18n-2.7-noarch-19_slack12.2.tgz 75b2c8928bfcee081eaa2e24b80ba9c3 glibc-profile-2.7-i486-19_slack12.2.tgz 3fb2a406f8625e307a455d9c8ecc8589 glibc-solibs-2.7-i486-19_slack12.2.tgz e5b641e76bd83f1b78d15918e37861b3 glibc-zoneinfo-2.7-noarch-19_slack12.2.tgz Slackware 13.0 packages: 1db19f0d2e560237d7e7b563edac1717 glibc-2.9-i486-5_slack13.0.txz 605c3e4727111314a3b352c1043e3c70 glibc-i18n-2.9-i486-5_slack13.0.txz 3846ded61e77d33d2b6d2b09a2c8a9e8 glibc-profile-2.9-i486-5_slack13.0.txz 766f590fa9f9afac74a3395464d563f5 glibc-solibs-2.9-i486-5_slack13.0.txz 4726810af74ad4fadf06a6ff804a0c28 glibc-zoneinfo-2.9-noarch-5_slack13.0.txz Slackware x86_64 13.0 packages: 909942f6df189166b39fb5b6e3781731 glibc-2.9-x86_64-5_slack13.0.txz ee4e1d3994bf63d7aeea7fcc4fd26d12 glibc-i18n-2.9-x86_64-5_slack13.0.txz 6602482f69059373ac0831c669d53acf glibc-profile-2.9-x86_64-5_slack13.0.txz 281ab0a7b97cc848f508c33339932eac glibc-solibs-2.9-x86_64-5_slack13.0.txz df641f4c6bd461b6e0d7f517829081ba glibc-zoneinfo-2.9-noarch-5_slack13.0.txz Slackware 13.1 packages: 6527a72a8454bf4bdb310e02e0da83b1 glibc-2.11.1-i486-5_slack13.1.txz c4a2ebb19582db01f411dc1ff48b5b73 glibc-i18n-2.11.1-i486-5_slack13.1.txz 626a6183a927a5afc71997f40c6385d3 glibc-profile-2.11.1-i486-5_slack13.1.txz 15b9ca16b5f61f819c3da72f9e5e3c99 glibc-solibs-2.11.1-i486-5_slack13.1.txz f118773d1bb266378f80b4cb2c5287b2 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz Slackware x86_64 13.1 packages: 037e2ccd9a3696db1203f4067e375cf4 glibc-2.11.1-x86_64-5_slack13.1.txz 13a43ca43e61861a581181f59a6ec62f glibc-i18n-2.11.1-x86_64-5_slack13.1.txz 1898b8bde310da6bbf2147e789e67200 glibc-profile-2.11.1-x86_64-5_slack13.1.txz a0914b17959f521cc6b93218735c8a48 glibc-solibs-2.11.1-x86_64-5_slack13.1.txz 3f5621fbe482cbc287155400c5012f84 glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz Slackware -current packages: 0ed6d0e2079be5d275455739cdaf0549 a/glibc-solibs-2.12.1-i486-3.txz b23dbc1e4ba31fd6827fd51012da7d6d a/glibc-zoneinfo-2.12.1-noarch-3.txz 3ea2bf3794eec46fc8870699277725b6 l/glibc-2.12.1-i486-3.txz d0afd8e838dbe00ae12b0e04e8f025d2 l/glibc-i18n-2.12.1-i486-3.txz f919fe010cfcb28eb5de849028894d4a l/glibc-profile-2.12.1-i486-3.txz Slackware x86_64 -current packages: b068c1e12d49d1cf968db8fffdf1f4a4 a/glibc-solibs-2.12.1-x86_64-3.txz 87c200831200e3e626a1a068167041fd a/glibc-zoneinfo-2.12.1-noarch-3.txz 12fe9ab9e109c162e93215a4995478cd l/glibc-2.12.1-x86_64-3.txz bc676d8921404ee9fd520137f60d7d3f l/glibc-i18n-2.12.1-x86_64-3.txz 44bb2cf6ecde7a6bcf49a69ca62254ff l/glibc-profile-2.12.1-x86_64-3.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg glibc-*.t?z +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkzKUkYACgkQakRjwEAQIjNjXQCffi+R3vSqymq/bqyhvf6xImKc SWEAnR8eZeWo6OjI6y5UJFb+7twuQhU0 =7rrE -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||||||||