From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2058-1
[email protected] http://www.debian.org/security/ Aurelien Jarno
June 10, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : glibc, eglibc
Vulnerability : multiple
Problem type : remote (local)
Debian-specific: no
CVE Id(s) : CVE-2008-1391 CVE-2009-4880, CVE-2009-4881
CVE-2010-0296 CVE-2010-0830
Debian Bug : 583908
Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-1391, CVE-2009-4880, CVE-2009-4881
Maksymilian Arciemowicz discovered that the GNU C library did not
correctly handle integer overflows in the strfmon family of
functions. If a user or automated system were tricked into
processing a specially crafted format string, a remote attacker
could crash applications, leading to a denial of service.
CVE-2010-0296
Jeff Layton and Dan Rosenberg discovered that the GNU C library did
not correctly handle newlines in the mntent family of functions. If
a local attacker were able to inject newlines into a mount entry
through other vulnerable mount helpers, they could disrupt the
system or possibly gain root privileges.
CVE-2010-0830
Dan Rosenberg discovered that the GNU C library did not correctly
validate certain ELF program headers. If a user or automated system
were tricked into verifying a specially crafted ELF program, a
remote attacker could execute arbitrary code with user privileges.
For the stable distribution (lenny), these problems have been fixed in
version 2.7-18lenny4 of the glibc package.
For the testing distribution (squeeze), these problems will be fixed soon.
For the unstable distribution (sid), these problems has been fixed in
version 2.1.11-1 of the eglibc package.
We recommend that you upgrade your glibc or eglibc packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.diff.gz
Size/MD5 checksum: 749289 dcb022bd274969ef458933d45b06cca8
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.dsc
Size/MD5 checksum: 2564 f5b705bcda1bc7674aa33fb07f417f98
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny4_all.deb
Size/MD5 checksum: 16007014 fd3b316ef085ea9ce71dc67fefd92dc0
http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny4_all.deb
Size/MD5 checksum: 4488186 b9beabe612fbfb014faadef6543e7fab
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny4_all.deb
Size/MD5 checksum: 1629166 da396340195ba0214d1d7827ed225341
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 1769494 7082c894a96d6fdc009e15c7773c3108
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 5716658 7ab5b5510afdbeb0e20ccc2ae1df1778
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_alpha.udeb
Size/MD5 checksum: 18210 e65e4f7d9f55c3e6974fe2112ed076a2
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 3029160 d05c22d8263423dbc334a60c04acec89
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_alpha.udeb
Size/MD5 checksum: 10600 c6af958e690622f8a204ed1401f44ce9
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 5184660 a1f37830cb0ae5ee79bf479cc92094e4
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 2491830 e3e70cb621bd954acb41700e7fb00fba
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 177484 c350540ea1beb15e5a49b39a72a4d230
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 1621366 d77b66d4fa5900d12a756c808d61ce5d
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_alpha.deb
Size/MD5 checksum: 2787424 6f6d688cc842bd300026c5dd419eeb4f
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_alpha.udeb
Size/MD5 checksum: 1264256 0e6f61da8287a1be45e8f40f659d4200
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny4_amd64.deb
Size/MD5 checksum: 1460218 4dac6728d0871d40df88dde09416ee53
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_amd64.deb
Size/MD5 checksum: 2666642 e7e12628c095b56bc66bd1fbb7bb9a1a
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny4_amd64.deb
Size/MD5 checksum: 3777974 3a08b45214739c18109aa80ee3957c5c
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_amd64.deb
Size/MD5 checksum: 5330838 02ca70069fe3c8186d5b15add9979a31
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_amd64.deb
Size/MD5 checksum: 4961058 f6bc2c4255027b03177a96b48a996e95
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)