Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalati

From Florian Weimer@1:229/2 to All on Fri Oct 22 19:10:01 2010

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2122-1 [email protected] http://www.debian.org/security/ Florian Weimer October 22, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : glibc
Vulnerability : missing input sanitization
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2010-3847 CVE-2010-3856
Debian Bug : 600667

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU
libc allows local users to gain root privileges using a crafted
LD_AUDIT environment variable.

For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny6.

For the upcoming stable distribution (squeeze), this problem has been
fixed in version 2.11.2-6+squeeze1 of the eglibc package.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
Size/MD5 checksum: 15386750 8816fbab13a072c0ccef6640c9d20833
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny6.dsc
Size/MD5 checksum: 2864 0a5bae105aada2473191dd8706b4ee3f
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny6.diff.gz
Size/MD5 checksum: 767588 3421a1ff8874348dae35cdf58f447036

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny6_all.deb
Size/MD5 checksum: 1629030 8f65d80bdb65e1fcefe13a0f67bb350e
http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny6_all.deb
Size/MD5 checksum: 4432002 d805e02d461e67f5df3c4dfd87d5ed60
http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny6_all.deb
Size/MD5 checksum: 16008612 5e40f562173996225e7e6145d60aeeba

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_alpha.udeb
Size/MD5 checksum: 10598 0d8d9de0d9a1ec2bca4c23fc7f8cbf55
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 5184504 66f0a51bc250550f677e7ae6a3032d0a
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 1769546 ef42037cfcb204b3335945ed7b5a1c85
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 2785836 89667d60330729285695c432ed4abcc8
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny6_alpha.udeb
Size/MD5 checksum: 1264184 e70f66d132ebe98e6e0f2606b4ca7121
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 177554 517af3bee8605c24c28149ed0fa846bb
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_alpha.udeb
Size/MD5 checksum: 18208 874fac32cc088d505a8602a53257912f
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 1621418 3d2391946aa8adfd971b56929057382e
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 3029300 917d3528ddb06384b0280b53930a16c0
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 2492118 47763d04fe3bcc9f1f699d2dc7f55310
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny6_alpha.deb
Size/MD5 checksum: 5716602 27bf48fd5d0675258055d92c43b6c51f

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 1930488 301009193e3780a911f1e184fce9b87c
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 2491416 13d2fc9d3564f309044ad1ea2c58495a
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 1465870 b621d62248666d277ac0a3f2eaa8b045
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 4811778 7d7b313aa5a62e9740717aca453da85b
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_amd64.udeb
Size/MD5 checksum: 18312 e5a0ab207278a9b261a4a344eb8c4e72
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 5310524 d375d550ade43fa25466ef294944b20f
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_amd64.udeb
Size/MD5 checksum: 1107334 c858864db43656cb5b7b1336a1dd330a
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 3653662 71f16ba7e73ce2848e91a9f987e0e0c5
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 175502 b5278e6ac5be9509e4022d6230730aaf
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 2668436 bd07d5def2d94fe57ad0a4a61225e4f2
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_amd64.udeb
Size/MD5 checksum: 9424 2da7259ac87a89eff1e0c618b134d49d
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny6_amd64.deb
Size/MD5 checksum: 1459294 73863f0cc3a77b3ca0ca5329bebbabc0

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_arm.udeb
Size/MD5 checksum: 14572 ddab929ec6fa049cf4e52b4735269d16

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	157:53:23
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,755

[SECURITY] [DSA 2122-1] New glibc packages fix local privilege escalati

Who's Online

Recent Visitors

System Info