[RHSA-2002:139-10] Updated glibc packages fix vulnerabilities in resolver
Date: Wed, 24 Jul 2002 18:32 -0400
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
Subject: [RHSA-2002:139-10] Updated glibc packages fix vulnerabilities in resolver
Cc: bugtraq@securityfocus.com, linux-security@redhat.com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated glibc packages fix vulnerabilities in resolver
Advisory ID: RHSA-2002:139-10
Issue date: 2002-07-11
Updated on: 2002-07-22
Product: Red Hat Linux
Ключевые слова: , , , , , , , , , glibc, resolver, nsswitch, strncpy, (найти похожие документы)
Cross references:=20=20
Obsoletes: RHSA-2001:160
CVE Names: CAN-2002-0684 CAN-2002-0651
---------------------------------------------------------------------
1. Topic:
Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - alpha, i386, i686, sparc, sparcv9
Red Hat Linux 7.0 - alpha, alphaev6, i386, i686
Red Hat Linux 7.1 - alpha, alphaev6, i386, i686, ia64
Red Hat Linux 7.2 - i386, i686, ia64
Red Hat Linux 7.3 - i386, i686
3. Problem description:
The glibc package contains standard libraries which are used by
multiple programs on the system.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)
A second, related, issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)
These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.
All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
6. RPMs required:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/glibc-2.1.3-24.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-2.1.3-24.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-devel-2.1.3-24.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/glibc-profile-2.1.3-24.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/nscd-2.1.3-24.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/glibc-2.1.3-24.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-devel-2.1.3-24.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/glibc-profile-2.1.3-24.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-24.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-24.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-24.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/glibc-profile-2.1.3-24.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/nscd-2.1.3-24.sparc.rpm
sparcv9:
ftp://updates.redhat.com/6.2/en/os/sparcv9/glibc-2.1.3-24.sparcv9.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.4.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-2.2.4-18.7.0.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.4.alpha.=
rpm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.4.alpha.r=
pm
ftp://updates.redhat.com/7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.4.alpha=
.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/nscd-2.2.4-18.7.0.4.alpha.rpm
alphaev6:
ftp://updates.redhat.com/7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.4.alphaev6.r=
pm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/glibc-2.2.4-18.7.0.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-common-2.2.4-18.7.0.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.4.i386.r=
pm
ftp://updates.redhat.com/7.0/en/os/i386/nscd-2.2.4-18.7.0.4.i386.rpm
i686:
ftp://updates.redhat.com/7.0/en/os/i686/glibc-2.2.4-18.7.0.4.i686.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/glibc-2.2.4-27.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-2.2.4-27.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-common-2.2.4-27.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-devel-2.2.4-27.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/glibc-profile-2.2.4-27.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/nscd-2.2.4-27.alpha.rpm
alphaev6:
ftp://updates.redhat.com/7.1/en/os/alphaev6/glibc-2.2.4-27.alphaev6.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/glibc-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-common-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-devel-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/glibc-profile-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/nscd-2.2.4-27.i386.rpm
i686:
ftp://updates.redhat.com/7.1/en/os/i686/glibc-2.2.4-27.i686.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/nscd-2.2.4-27.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/glibc-2.2.4-27.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/glibc-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-common-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-devel-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/glibc-profile-2.2.4-27.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/nscd-2.2.4-27.i386.rpm
i686:
ftp://updates.redhat.com/7.2/en/os/i686/glibc-2.2.4-27.i686.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/glibc-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/glibc-common-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/glibc-devel-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/glibc-profile-2.2.4-27.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/nscd-2.2.4-27.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/glibc-2.2.5-37.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/glibc-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-common-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-debug-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-debug-static-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-devel-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-profile-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/glibc-utils-2.2.5-37.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/nscd-2.2.5-37.i386.rpm
i686:
ftp://updates.redhat.com/7.3/en/os/i686/glibc-2.2.5-37.i686.rpm
ftp://updates.redhat.com/7.3/en/os/i686/glibc-debug-2.2.5-37.i686.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
9a3e1bff97d347d5d0eaa649285a29e7 6.2/en/os/SRPMS/glibc-2.1.3-24.src.rpm
2e3e177fe6e65d26cdbb96588a9a5d7c 6.2/en/os/alpha/glibc-2.1.3-24.alpha.rpm
eeaabcca9198c433f2e5f4a3c37e9f94 6.2/en/os/alpha/glibc-devel-2.1.3-24.alpha=
.rpm
e471e5eaddb1096c9e0b6b43d2285e6b 6.2/en/os/alpha/glibc-profile-2.1.3-24.alp=
ha.rpm
0d3567e1ad976fb9968f066d76c1713c 6.2/en/os/alpha/nscd-2.1.3-24.alpha.rpm
55c893993fd3101ce3c3847b03a3fbbe 6.2/en/os/i386/glibc-2.1.3-24.i386.rpm
f9484a4634fce16bed9cdaf098cf861f 6.2/en/os/i386/glibc-devel-2.1.3-24.i386.r=
pm
aed4c48fbc415b8aefe2c20933bbf6b8 6.2/en/os/i386/glibc-profile-2.1.3-24.i386=
.rpm
07abd4e9d2181f8948af2fe76784b554 6.2/en/os/i386/nscd-2.1.3-24.i386.rpm
eb0c870314704ed3eb95961f4060cc7c 6.2/en/os/sparc/glibc-2.1.3-24.sparc.rpm
01c54853ad6a5083bb23eda3d43b22a5 6.2/en/os/sparc/glibc-devel-2.1.3-24.sparc=
.rpm
e39a6b9420f251d11cad05032bf0275b 6.2/en/os/sparc/glibc-profile-2.1.3-24.spa=
rc.rpm
decd8617187517c68d7fa0d0438adf12 6.2/en/os/sparc/nscd-2.1.3-24.sparc.rpm
f60261b7b32f5a627267e06306af56f5 6.2/en/os/sparcv9/glibc-2.1.3-24.sparcv9.r=
pm
5b64505518a0dcc4d6b023f0c7af3960 7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.4.src.r=
pm
10d795dcdfc8756f03219f116182d702 7.0/en/os/alpha/glibc-2.2.4-18.7.0.4.alpha=
.rpm
90714b1817aa083dec2e57477043caf6 7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.=
4.alpha.rpm
0b61592283a9640030c127a5cd124336 7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.4=
.alpha.rpm
6e5da4f63088606f19777233d68ab296 7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0=
.4.alpha.rpm
739a998a00fc67c4e6a5170e55d17cb5 7.0/en/os/alpha/nscd-2.2.4-18.7.0.4.alpha.=
rpm
39dc3b3b9a963a3c7348a73c0a2ff7f8 7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.4.al=
phaev6.rpm
321393b42a53d31f69b6eaffc9f2102a 7.0/en/os/i386/glibc-2.2.4-18.7.0.4.i386.r=
pm
50afc752fff2c878011119e1b37e8571 7.0/en/os/i386/glibc-common-2.2.4-18.7.0.4=
.i386.rpm
78ab2c22d7b8612016a89907dcbd0d29 7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.4.=
i386.rpm
87d4668630cfd074fefd150475f1e5e5 7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.=
4.i386.rpm
d513dc5efa2d875866ffbdd244a92a67 7.0/en/os/i386/nscd-2.2.4-18.7.0.4.i386.rpm
e35c630998bd879e88f1ab9bb9b74d72 7.0/en/os/i686/glibc-2.2.4-18.7.0.4.i686.r=
pm
8b5c7cb9220631e68050637383b9c29d 7.1/en/os/SRPMS/glibc-2.2.4-27.src.rpm
d70b222f0e4a3ab20968857c68b683ce 7.1/en/os/alpha/glibc-2.2.4-27.alpha.rpm
8bb579b8a232b90550291904d4078449 7.1/en/os/alpha/glibc-common-2.2.4-27.alph=
a.rpm
5923ddfbc622ab02ef63a08607c32b00 7.1/en/os/alpha/glibc-devel-2.2.4-27.alpha=
.rpm
a2701ab8e56f3ed77d62d7de84dd7ce4 7.1/en/os/alpha/glibc-profile-2.2.4-27.alp=
ha.rpm
01be31be9c13facb3f88b3717c0e3319 7.1/en/os/alpha/nscd-2.2.4-27.alpha.rpm
de454e55e66522bd40739370092422ba 7.1/en/os/alphaev6/glibc-2.2.4-27.alphaev6=
.rpm
eeafe747b480543489d3d91c496af3bc 7.1/en/os/i386/glibc-2.2.4-27.i386.rpm
b75ad5323c294daf1dc53c8bd74bdae2 7.1/en/os/i386/glibc-common-2.2.4-27.i386.=
rpm
75ddc348fa944e0df55bb8351a0988e3 7.1/en/os/i386/glibc-devel-2.2.4-27.i386.r=
pm
915abdc16175ec8ee07adbaf406b563d 7.1/en/os/i386/glibc-profile-2.2.4-27.i386=
.rpm
8c4b8d913b56910d1eb043cd8fb7dadf 7.1/en/os/i386/nscd-2.2.4-27.i386.rpm
8c33fbd6a3a0e40c22e8892a624bd398 7.1/en/os/i686/glibc-2.2.4-27.i686.rpm
c5a61c4a96e0c89cb94c5755b9d640df 7.1/en/os/ia64/glibc-2.2.4-27.ia64.rpm
2753a1d09ef0294dd611283a6dc01279 7.1/en/os/ia64/glibc-common-2.2.4-27.ia64.=
rpm
175abe8553824db00c84fd7ba23150d6 7.1/en/os/ia64/glibc-devel-2.2.4-27.ia64.r=
pm
f3774fb87287ad7cd9e083d062cda348 7.1/en/os/ia64/glibc-profile-2.2.4-27.ia64=
.rpm
7e7c12abfea5507a0a5cc8744072c747 7.1/en/os/ia64/nscd-2.2.4-27.ia64.rpm
8b5c7cb9220631e68050637383b9c29d 7.2/en/os/SRPMS/glibc-2.2.4-27.src.rpm
eeafe747b480543489d3d91c496af3bc 7.2/en/os/i386/glibc-2.2.4-27.i386.rpm
b75ad5323c294daf1dc53c8bd74bdae2 7.2/en/os/i386/glibc-common-2.2.4-27.i386.=
rpm
75ddc348fa944e0df55bb8351a0988e3 7.2/en/os/i386/glibc-devel-2.2.4-27.i386.r=
pm
915abdc16175ec8ee07adbaf406b563d 7.2/en/os/i386/glibc-profile-2.2.4-27.i386=
.rpm
8c4b8d913b56910d1eb043cd8fb7dadf 7.2/en/os/i386/nscd-2.2.4-27.i386.rpm
8c33fbd6a3a0e40c22e8892a624bd398 7.2/en/os/i686/glibc-2.2.4-27.i686.rpm
c5a61c4a96e0c89cb94c5755b9d640df 7.2/en/os/ia64/glibc-2.2.4-27.ia64.rpm
2753a1d09ef0294dd611283a6dc01279 7.2/en/os/ia64/glibc-common-2.2.4-27.ia64.=
rpm
175abe8553824db00c84fd7ba23150d6 7.2/en/os/ia64/glibc-devel-2.2.4-27.ia64.r=
pm
f3774fb87287ad7cd9e083d062cda348 7.2/en/os/ia64/glibc-profile-2.2.4-27.ia64=
.rpm
7e7c12abfea5507a0a5cc8744072c747 7.2/en/os/ia64/nscd-2.2.4-27.ia64.rpm
9c2d0f4717f4931ff3d233ef44cfa5b1 7.3/en/os/SRPMS/glibc-2.2.5-37.src.rpm
b3e14c27d1f337107662cffe8111ffb4 7.3/en/os/i386/glibc-2.2.5-37.i386.rpm
318a0e614f31b4ea63ea122ffc9b0abc 7.3/en/os/i386/glibc-common-2.2.5-37.i386.=
rpm
c11c152ffb7b98e3ada86ef89b21060b 7.3/en/os/i386/glibc-debug-2.2.5-37.i386.r=
pm
8f7403eb789e624a91a5728c752ffb7e 7.3/en/os/i386/glibc-debug-static-2.2.5-37=
.i386.rpm
1364e6e500af53789f94a845d7201745 7.3/en/os/i386/glibc-devel-2.2.5-37.i386.r=
pm
977f0364e31ef240375d5dc3abce27c9 7.3/en/os/i386/glibc-profile-2.2.5-37.i386=
.rpm
702c9e2f376d9d10829961b29d1e3fd3 7.3/en/os/i386/glibc-utils-2.2.5-37.i386.r=
pm
aa3e2f88f60ca8e8566d45a8e8bf6218 7.3/en/os/i386/nscd-2.2.5-37.i386.rpm
854b21baba0b4b32963bc322fe59ffc2 7.3/en/os/i686/glibc-2.2.5-37.i686.rpm
0d488fae1d4248bbd1727c402143d5f6 7.3/en/os/i686/glibc-debug-2.2.5-37.i686.r=
pm
=20
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
http://www.cert.org/advisories/CA-2002-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2002-0651
Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
