From security@wirex.com Fri Dec 21 12:07:16 2001
From: Immunix Security Team
To: bugtraq@securityfocus.com, linsec@lists.seifried.org, security-alerts@linuxsecurity.com, immunix-announce@immunix.org
Date: Wed, 19 Dec 2001 17:46:53 -0800
Subject: Immunix OS 7.0 glibc update

-----------------------------------------------------------------------
Immunix OS Security Advisory

Packages updated:  glibc, nscd
Affected products: Immunix OS 7.0
Bugs fixed:        immunix/1892, immunix/1893
Date:              Wed Dec 19 2001
Advisory ID:       IMNX-2001-70-037-01
Author:            Seth Arnold
-----------------------------------------------------------------------

Description:
  This update to glibc (and the associated name service cache daemon,
  nscd) fixes two security problems. The first problem is a race
  condition in the fts(3) routines that traverse directory structures,
  which allowed malicious users to cause other processes to 'break out
  of' the file hierarchy. The second problem is in the glob(3) routine;
  it is a combination of a buffer overflow and an incorrectly free()d
  buffer.

  The fts(3) problem was discovered by Nick Cleaton. The glob(3) problem
  was discovered simultaneously by several people, including script0r,
  Flávio Veloso, and Jakub Jelinek. Tom Parker also discovered that the
  glob(3) problem is exploitable.

  Flávio Veloso and Jakub Jelinek helped fix the glob(3) problems, and
  it appears that Kris Kennaway, Todd Miller, and Ulrich Drepper are
  primarily responsible for the fts(3) fixes.

  We recommend all Immunix 7.0 users upgrade glibc and nscd with these
  packages.

References:
  http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
  http://www.securityfocus.com/archive/1/245956
  http://lists.progeny.com/archive/progeny-security-announce/2001/msg00024.html

Package names and locations:
  Precompiled binary packages for Immunix 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-common-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-devel-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-profile-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/nscd-2.2-12_imnx_12.i386.rpm

  Source package for Immunix 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/glibc-2.2-12_imnx_12.src.rpm

Immunix OS 7.0 md5sums:
  2a05dcc3e3f58f426e628a5fed0fd2ac  RPMS/glibc-2.2-12_imnx_12.i386.rpm
  2d84dd833ceab77f00f452f7543a4b48  RPMS/glibc-common-2.2-12_imnx_12.i386.rpm
  43648b8c310bbb080745a6d8a1b35f7e  RPMS/glibc-devel-2.2-12_imnx_12.i386.rpm
  ee13dd6fc866d841bfa4d2755397e942  RPMS/glibc-profile-2.2-12_imnx_12.i386.rpm
  14822515526ef18387b3e3fdf4b2845a  RPMS/nscd-2.2-12_imnx_12.i386.rpm
  7e378043c28aeee30f8270663f5faf82  SRPMS/glibc-2.2-12_imnx_12.src.rpm

GPG verification:
  Our public key is available at .
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol .
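
Added example, not part of the advisory and not glibc's code: the Description's fts(3) issue is a race during directory traversal, and one general defensive pattern for that class is to confirm device and inode on an opened descriptor before changing into a directory, and to return to the parent through a saved descriptor. The names checked_chdir and demo are hypothetical, and the directory swap in demo is constructed in a private temp directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Enter `name` only if it is still the directory recorded in `expect`
 * (taken from an earlier lstat). Returns 0, or -1 with errno set. */
int checked_chdir(const char *name, const struct stat *expect)
{
    struct stat now;
    int saved, rc = -1;
    /* O_NOFOLLOW: a symlink swapped in for the directory fails the open. */
    int fd = open(name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &now) == 0) {
        if (now.st_dev == expect->st_dev && now.st_ino == expect->st_ino)
            rc = fchdir(fd);   /* change via the descriptor that was checked */
        else
            errno = ENOENT;    /* entry was replaced after the lstat */
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed demo in a private temp dir: returns 1 when the unchanged
 * directory is entered and a directory swapped in under its name is refused. */
int demo(void)
{
    char root[] = "/tmp/fts_demo_XXXXXX";
    struct stat st;
    int top, entered, refused;
    if (!mkdtemp(root) || chdir(root) != 0) return -1;
    if ((top = open(".", O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (mkdir("sub", 0700) != 0 || lstat("sub", &st) != 0) return -1;
    entered = checked_chdir("sub", &st) == 0;
    if (fchdir(top) != 0) return -1;   /* go back via saved fd, not ".." */
    /* Simulate the race: "sub" is moved away and a new one takes its name. */
    if (rename("sub", "moved") != 0 || mkdir("sub", 0700) != 0) return -1;
    refused = checked_chdir("sub", &st) == -1 && errno == ENOENT;
    rmdir("sub"); rmdir("moved"); close(top);
    if (chdir("/") == 0) rmdir(root);
    return entered && refused;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```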