Fedora Legacy Test Update Notification: glibc

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Sep 15 02:00:25 UTC 2005 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152848
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152848
2005-09-14
---------------------------------------------------------------------

Name        : glibc
Versions    : rh73: glibc-2.2.5-44.legacy.6
Versions    : rh9: glibc-2.3.2-27.9.7.2.legacy
Versions    : fc1: glibc-2.3.2-101.4.2.legacy
Versions    : fc2: glibc-2.3.3-27.1.1.legacy
Summary     : The GNU libc libraries.
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

---------------------------------------------------------------------
Update Information:

Updated glibc packages that address several bugs are now available.

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

Flaws in the catchsegv and glibcbug scripts were discovered. A local
user could utilize these flaws to overwrite files via a symlink attack
on temporary files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0968 and CAN-2004-1382
to these issues.

It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV were not
restricted for a setuid program. A local user could utilize this flaw to
gain information, such as the list of symbols used by the program. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1453 to this issue.

Users of glibc are advised to upgrade to these erratum packages that
remove the unecessary glibcbug script and contain backported patches to
correct these other issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Mon Aug 15 2005 Pekka Savola <pekkas at netcore.fi> 2.2.4-44.legacy.6
- fix i686 build issue (a couple of misplaced extra %patch lines)

* Sun May 01 2005 Pekka Savola <pekkas at netcore.fi> 2.2.4-44.legacy.5
- add glibc-2.2.4-nscd-hstcache.patch to fix gethostbyaddr/gethostbyname
  caching issues, #156048.  Patch from RHEL21.

* Sat Apr 30 2005 Pekka Savola <pekkas at netcore.fi> 2.2.4-44.legacy.4
- fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848)

rh9:
* Sat Apr 30 2005 Pekka Savola <pekkas at netcore.fi> 2.3.2-27.9.7.1.legacy
- fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848)
- Unbreak IPv6 reverse lookups, broken by errata 2.3.2-27.9.2

fc1:
* Sat Apr 30 2005 Pekka Savola <pekkas at netcore.fi> 2.3.2-101.4.1.legacy
- fix CAN-2004-0968, CAN-2004-1382, and CAN-2004-1453 (#152848)
- Unbreak IPv6 reverse lookups, broken by errata 2.3.2-27.9.2

fc2:
* Wed Jul 20 2005 Pekka Savola <pekkas at netcore.fi> 2.3.3-27.1.1.legacy
- Fix LD_DEBUG leak (CAN-2004-1453), #152848

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
76bcec5fdd862df2fffaeeaeacbfcd8c53dd6a28
redhat/7.3/updates-testing/i386/glibc-2.2.5-44.legacy.6.i386.rpm
79dd43763e464959889867bb5f28c0935d31e401
redhat/7.3/updates-testing/i386/glibc-2.2.5-44.legacy.6.i686.rpm
f83509fe544e517cfa5f40829b2921155eed6930
redhat/7.3/updates-testing/i386/glibc-common-2.2.5-44.legacy.6.i386.rpm
a4065db0ddfcec1a95dade4756b7af76da487059
redhat/7.3/updates-testing/i386/glibc-debug-2.2.5-44.legacy.6.i386.rpm
a88e249e0747927d7b0607f24202f4772c2f5f51
redhat/7.3/updates-testing/i386/glibc-debug-2.2.5-44.legacy.6.i686.rpm
bbd6858e1409960769b945af03f13e0732b35ec2
redhat/7.3/updates-testing/i386/glibc-debug-static-2.2.5-44.legacy.6.i386.rpm
4f76f3f2267edb91ac130ad18942b34741314914
redhat/7.3/updates-testing/i386/glibc-devel-2.2.5-44.legacy.6.i386.rpm
3996fc2d6e306a127d03d468bde83e821b6ca2f9
redhat/7.3/updates-testing/i386/glibc-profile-2.2.5-44.legacy.6.i386.rpm
2916fbe09c40b3961add814aaebda7e651799342
redhat/7.3/updates-testing/i386/glibc-utils-2.2.5-44.legacy.6.i386.rpm
2250cf7ccb19268cc5b103d17512f877a1e9756d
redhat/7.3/updates-testing/i386/nscd-2.2.5-44.legacy.6.i386.rpm
d3178ba384c31d0e4b53b7c79f8c1f3d4f2e63c2
redhat/7.3/updates-testing/SRPMS/glibc-2.2.5-44.legacy.6.src.rpm

rh9:
6b01d43cc41177a83c765862be0e3802df307c61
redhat/9/updates-testing/i386/glibc-2.3.2-27.9.7.2.legacy.i386.rpm
b4c28abc5d318f53f22772bc069665adc4f9d5f3
redhat/9/updates-testing/i386/glibc-2.3.2-27.9.7.2.legacy.i686.rpm
8ea462b77d16513f0623409219cb297fa95fe6ba
redhat/9/updates-testing/i386/glibc-common-2.3.2-27.9.7.2.legacy.i386.rpm
94c1f526eed545959a9b60ac79deef88c0c5c9a0
redhat/9/updates-testing/i386/glibc-debug-2.3.2-27.9.7.2.legacy.i386.rpm
b8fe3480b249761c468d4019c3b9ac0358068475
redhat/9/updates-testing/i386/glibc-devel-2.3.2-27.9.7.2.legacy.i386.rpm
a01030615e5b874b4225e9cad4e1c9ccc2f4bb33
redhat/9/updates-testing/i386/glibc-profile-2.3.2-27.9.7.2.legacy.i386.rpm
d20ce4f39ed7ffc6c8cb81c8a84b229a2158d81e
redhat/9/updates-testing/i386/glibc-utils-2.3.2-27.9.7.2.legacy.i386.rpm
e20b1e22cfbc1c0eed675b6b6d99ca8d0213f725
redhat/9/updates-testing/i386/nptl-devel-2.3.2-27.9.7.2.legacy.i686.rpm
8684b6e78d7230f8708e5e2a016264baf6ab7ac7
redhat/9/updates-testing/i386/nscd-2.3.2-27.9.7.2.legacy.i386.rpm
5afb7ec9ec9f9b3bb36d372104ec647d7c6d9ebb
redhat/9/updates-testing/SRPMS/glibc-2.3.2-27.9.7.2.legacy.src.rpm

fc1:
ef743504f28c797cd9a807dd8a769a837eda8525
fedora/1/updates-testing/i386/glibc-2.3.2-101.4.2.legacy.i386.rpm
c3dd3abcc811671d63f6033e3ed3ee9806ad0f93
fedora/1/updates-testing/i386/glibc-2.3.2-101.4.2.legacy.i686.rpm
cf814c1e573db45e76b63bce49b40876fdd42e28
fedora/1/updates-testing/i386/glibc-common-2.3.2-101.4.2.legacy.i386.rpm
4af7cb248abe614adace704520ab969717d8056b
fedora/1/updates-testing/i386/glibc-debug-2.3.2-101.4.2.legacy.i386.rpm
00809ff8abcf096091592e065dbc859a1fc413bd
fedora/1/updates-testing/i386/glibc-devel-2.3.2-101.4.2.legacy.i386.rpm
8417a8697d7929e866cd48be44bcd4e9b29ef8a2
fedora/1/updates-testing/i386/glibc-headers-2.3.2-101.4.2.legacy.i386.rpm
309bb357b23d00d858b73a132af556862ce735fc
fedora/1/updates-testing/i386/glibc-profile-2.3.2-101.4.2.legacy.i386.rpm
c7add2f20742acab29c47ec7f42bc789d6111aec
fedora/1/updates-testing/i386/glibc-utils-2.3.2-101.4.2.legacy.i386.rpm
5108e73e4fce7fda4c383a5f4a360a2ec3632a4e
fedora/1/updates-testing/i386/nptl-devel-2.3.2-101.4.2.legacy.i686.rpm
ca70e82a96ad014145357feb9b8b3222314afd7e
fedora/1/updates-testing/i386/nscd-2.3.2-101.4.2.legacy.i386.rpm
30cec9b26bb5341afbb6b7698b3c092e395acb65
fedora/1/updates-testing/SRPMS/glibc-2.3.2-101.4.2.legacy.src.rpm

fc2:
9ea2cf3d307635ed6be265077ec9594d73030c71
fedora/2/updates-testing/i386/glibc-2.3.3-27.1.1.legacy.i386.rpm
120833cba0615427157a51f69a6e73403f788667
fedora/2/updates-testing/i386/glibc-2.3.3-27.1.1.legacy.i686.rpm
d3c27007cab83e778ba7ba5c752077b865c7d618
fedora/2/updates-testing/i386/glibc-common-2.3.3-27.1.1.legacy.i386.rpm
ccc5d22e66a7c435b0e1008704ee16856e4717ec
fedora/2/updates-testing/i386/glibc-devel-2.3.3-27.1.1.legacy.i386.rpm
b11bd48eee48b1b2fd6cc9d52bbbc01247533bb0
fedora/2/updates-testing/i386/glibc-headers-2.3.3-27.1.1.legacy.i386.rpm
2a3c79e2f428742dfef1f15a1bbc64a80c48491e
fedora/2/updates-testing/i386/glibc-profile-2.3.3-27.1.1.legacy.i386.rpm
081977a5f9cd0812cd1db6230ff51782d17c83e0
fedora/2/updates-testing/i386/glibc-utils-2.3.3-27.1.1.legacy.i386.rpm
be2cc7c357c799a8ad8288e3c99d9c53ea89692e
fedora/2/updates-testing/i386/nptl-devel-2.3.3-27.1.1.legacy.i686.rpm
d1a9e1c189d58b74a318dd1908cf6b9c0202ac9b
fedora/2/updates-testing/i386/nscd-2.3.3-27.1.1.legacy.i386.rpm
baafd5d75a788cc578f24fb83280052f3b8422db
fedora/2/updates-testing/SRPMS/glibc-2.3.3-27.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050914/0d325f0c/attachment.sig>

More information about the fedora-legacy-list mailing list