From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1973-1
[email protected] http://www.debian.org/security/ Aurelien Jarno
January 19, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : glibc, eglibc
Vulnerability : information disclosure
Problem type : local
Debian-specific: no
CVE Id : CVE-2010-0015
Debian Bug : 560333
Christoph Pleger has discovered that the GNU C Library (aka glibc) and
its derivatives add information from the passwd.adjunct.byname map to
entries in the passwd map, which allows local users to obtain the
encrypted passwords of NIS accounts by calling the getpwnam function.
For the oldstable distribution (etch), this problem has been fixed in
version 2.3.6.ds1-13etch10 of the glibc package.
For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny2 of the glibc package.
For the unstable distribution (sid) this problem has been fixed in
version 2.10.2-4 of the eglibc package.
We recommend that you upgrade your glibc or eglibc package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ---------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.dsc
Size/MD5 checksum: 2194 3985b011708649359ca02ddb917e66b0
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.diff.gz
Size/MD5 checksum: 920950 fda680921e06d9448442c0e40a82b4fa
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1.orig.tar.gz
Size/MD5 checksum: 13307585 d5e6ffe51e49ab29d513e600fb87cf54
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.3.6.ds1-13etch10_all.deb
Size/MD5 checksum: 1480556 cf597752b310168ddbe626ee79671a33
http://security.debian.org/pool/updates/main/g/glibc/locales_2.3.6.ds1-13etch10_all.deb
Size/MD5 checksum: 4009500 c2a534de63b9f6ee1e76f65abc49feb8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 4159642 3b121212db334fed297fcf6dab3c3680
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 148272 d502d4869c0cf089c27648410d092213
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 6200126 a982e949961fe1481e0e990692dbb51b
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_alpha.udeb
Size/MD5 checksum: 1065688 57bcd95f817ac7452f19a78978abfcf0
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 2001318 2b907dc3c2b8dd7561b2217f783f4c95
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 1500858 3f54c6f851e41c13d3bff64e59bd0e1f
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 5237256 a2cb93e373aaecda3ffb07d3f67e96c4
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_alpha.udeb
Size/MD5 checksum: 10344 7c4cf8e44d6686cd2912a3f5ec64a8aa
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_alpha.deb
Size/MD5 checksum: 2516890 d8709d8f6fdb5f2168b08ad75c5fa509
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_alpha.udeb
Size/MD5 checksum: 17140 5ea877d43c6e28a664fe065f1c814a60
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_amd64.udeb
Size/MD5 checksum: 17204 b4cf2e844a92b8958c45e7fcbd79fdab
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 4182738 7aba28d40da5e8e0bfc8967e0bac9314
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 1578072 1363a2983499d4c5d83cb089811a9836
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 2297644 69157cc8bb0a67cb6ee2f39e6fd5dd79
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_amd64.udeb
Size/MD5 checksum: 9576 c4639597ffbbf5131c00e0e94ab2d7bb
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 6170032 59554e22ee31ae0dd53a67e0c6df4061
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 1586184 785fef40e67134584794e6a086395387
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 1405238 8e37a4f86895b494ec7a06e7e35f4442
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 2119318 8b0eab4f4648dc8d4898f51dc20ac8b1
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_amd64.udeb
Size/MD5 checksum: 1041568 2b32bea003088d26e118c4bbd200b2bd
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_amd64.deb
Size/MD5 checksum: 146764 c79245ecc4da1fd97a487dfda0e0525c
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)