Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] glibc (SSA:2010-295-01)
Date: Fri, 22 Oct 2010 14:19:24 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  glibc (SSA:2010-295-01)

New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix a security issue.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
  Patched "dynamic linker expands $ORIGIN in setuid library search path".
  This security issue allows a local attacker to gain root if they can create
  a hard link to a setuid root binary.  Thanks to Tavis Ormandy.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
    http://seclists.org/fulldisclosure/2010/Oct/257
  (* Security fix *)
patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz:  Rebuilt.
patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz:  Rebuilt.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-i18n-2.5-noarch-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-profile-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-solibs-2.5-i486-5_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-i18n-2.7-noarch-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-profile-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-solibs-2.7-i486-11_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-i18n-2.7-noarch-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-profile-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-solibs-2.7-i486-18_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-4_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.12.1-i486-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.12.1-i486-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2.12.1-noarch-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.12.1-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.12.1-x86_64-2.txz


MD5 signatures:
+-------------+

Slackware 12.0 packages:
fe218536818e92a129c1bc54c939746d  glibc-2.5-i486-5_slack12.0.tgz
44a61910ef911b8577d8ffe6db25a4d0  glibc-i18n-2.5-noarch-5_slack12.0.tgz
646f591a5a7f276d26d1731dff195417  glibc-profile-2.5-i486-5_slack12.0.tgz
a230abf524edc643ce004c1ff64f512b  glibc-solibs-2.5-i486-5_slack12.0.tgz
e6de7535e8271d0db267263915a70e22  glibc-zoneinfo-2.5-noarch-5_slack12.0.tgz

Slackware 12.1 packages:
c0fdd589622cdb60381c2f28f2bfff1a  glibc-2.7-i486-11_slack12.1.tgz
7ce224522417c2aeaa131f915a09e479  glibc-i18n-2.7-noarch-11_slack12.1.tgz
f4a4ad055eb2aa1ecb984917d868b242  glibc-profile-2.7-i486-11_slack12.1.tgz
2cc062234dc826841222e80ce1b4ce06  glibc-solibs-2.7-i486-11_slack12.1.tgz
9a2f1fdf3185bc9ce2e641b6c94bf33b  glibc-zoneinfo-2.7-noarch-11_slack12.1.tgz

Slackware 12.2 packages:
63d1f63892d856a1f809cc8d4b794453  glibc-2.7-i486-18_slack12.2.tgz
f0de3e78497498323f089ddb56ba5f51  glibc-i18n-2.7-noarch-18_slack12.2.tgz
e30bd13da86ef3c127dedb7a31a490fd  glibc-profile-2.7-i486-18_slack12.2.tgz
26c50351c530bc569ed2664aa8ea1ab0  glibc-solibs-2.7-i486-18_slack12.2.tgz
077fcc888ee6ebcfc00018043754d199  glibc-zoneinfo-2.7-noarch-18_slack12.2.tgz

Slackware 13.0 packages:
1b8f954339e7f33b2149193964b83070  glibc-2.9-i486-4_slack13.0.txz
abd450ab5ef57d775561e2a9fc9cc83a  glibc-i18n-2.9-i486-4_slack13.0.txz
82fb6947e1a6cfa49ba633cb85da1970  glibc-profile-2.9-i486-4_slack13.0.txz
dfe9770d051633ba612622651b872912  glibc-solibs-2.9-i486-4_slack13.0.txz
997fc370ffb9c47542371854b77d20f1  glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware x86_64 13.0 packages:
da45460ae0ca09a4ead864e4ec536699  glibc-2.9-x86_64-4_slack13.0.txz
872227d8d5615881c72fd40ee8df685c  glibc-i18n-2.9-x86_64-4_slack13.0.txz
b3862eb5479a8c8a807395267fdf80b0  glibc-profile-2.9-x86_64-4_slack13.0.txz
12bd96ae14d54e30bdb3ef6f7cc233cf  glibc-solibs-2.9-x86_64-4_slack13.0.txz
3c77b4da325e30d1a5b33dd08e8778ff  glibc-zoneinfo-2.9-noarch-4_slack13.0.txz

Slackware 13.1 packages:
a54af004a11c4dd22aac80a1987a2eb6  glibc-2.11.1-i486-4_slack13.1.txz
0d5b3848b6ca455e40acaeb5f96e171e  glibc-i18n-2.11.1-i486-4_slack13.1.txz
e139fea062d772e1777e74c657101f82  glibc-profile-2.11.1-i486-4_slack13.1.txz
5587f6b82dc3e2f8e7644500c98587ec  glibc-solibs-2.11.1-i486-4_slack13.1.txz
eac27b0a86c8d214356f4c129d9a7272  glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware x86_64 13.1 packages:
304f9204bef835b10840b71fcaad4354  glibc-2.11.1-x86_64-4_slack13.1.txz
bca59e40ffcf3069c70eb15947eb04e9  glibc-i18n-2.11.1-x86_64-4_slack13.1.txz
03f09bf10f5a61285b5bfdf9e2009137  glibc-profile-2.11.1-x86_64-4_slack13.1.txz
27bb1cac7066a76dab2f04a2fcb3a14c  glibc-solibs-2.11.1-x86_64-4_slack13.1.txz
236372130178abc826e09eaa12dd7db5  glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz

Slackware -current packages:
39b8c96ef2161c86cd13ee8fd240bf97  a/glibc-solibs-2.12.1-i486-2.txz
f26f8165f418b0d8120ee3d44c0dbd14  a/glibc-zoneinfo-2.12.1-noarch-2.txz
d7ef55b89b6c5d350d81e377317a6610  l/glibc-2.12.1-i486-2.txz
bcf549bf173537bef56e823216a2eb59  l/glibc-i18n-2.12.1-i486-2.txz
77da2dd0aa8504b8446638282bfd39a6  l/glibc-profile-2.12.1-i486-2.txz

Slackware x86_64 -current packages:
046aa5bccd77f9b7ab8be35a609d20b5  a/glibc-solibs-2.12.1-x86_64-2.txz
07c3df0db68615c529b90a31ba9125eb  a/glibc-zoneinfo-2.12.1-noarch-2.txz
60049dd502b2ad4d1ffd9f0e4c5790cf  l/glibc-2.12.1-x86_64-2.txz
2ff8df667920817e2654f6af3f3787fa  l/glibc-i18n-2.12.1-x86_64-2.txz
728482177fec580983a40eaa7d1a88ee  l/glibc-profile-2.12.1-x86_64-2.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*.t?z


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzB/2EACgkQakRjwEAQIjOr4wCfX9lc755dUUqxo+Fvt5AS4udK
IFMAn3nGstluhmFTBg3U9qAp1OUrxuZ5
=mynv
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.