===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2004.0802 -- RHSA-2004:586-01
           Updated glibc packages fix symlink vulnerability
                           21 December 2004
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                glibc
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 3
                        Red Hat Desktop version 3
Impact:                 Overwrite Arbitrary Files
Access:                 Existing Account
CVE Names:              CAN-2004-0968

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated glibc packages
Advisory ID:       RHSA-2004:586-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-586.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
Keywords:          glibc
Obsoletes:         RHBA-2004:384-11
CVE Names:         CAN-2004-0968
---------------------------------------------------------------------

1. Summary:

Updated glibc packages that address several bugs and implement some
enhancements are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, i686, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

This errata fixes several bugs in the GNU C Library.
Fixes include (in addition to enclosed Bugzilla entries):

- fixed 32-bit atomic operations on 64-bit powerpc
- fixed -m32 -I /usr/include/nptl compilation on AMD64
- NPTL <pthread.h> should now be usable in C++ code or -pedantic -std=c89 C
- rwlocks are now available also in the _POSIX_C_SOURCE=200112L namespace
- pthread_once is no longer throw(), as the callback routine might throw
- pthread_create now correctly returns EAGAIN when a thread couldn't be
  created because of lack of memory
- fixed NPTL stack freeing in case of pthread_create failure with detached
  thread
- fixed pthread_mutex_timedlock on i386 and AMD64
- Itanium gp saving fix in linuxthreads
- fixed s390/s390x unwinding tests done during cancellation if stack frames
  are small
- fixed fnmatch(3) backslash handling
- fixed out of memory behaviour of syslog(3)
- resolver ID randomization
- fixed fim (NaN, NaN)
- glob(3) fixes for dangling symlinks
- catchsegv fixed to work with both 32-bit and 64-bit binaries on x86-64,
  s390x and ppc
- fixed reinitialization of _res when using NPTL stack cache
- updated bug reporting instructions, removed glibcbug script
- fixed infinite loop in iconv with some options
- fixed inet_aton return value
- CPU friendlier busy waiting in linuxthreads on EM64T and IA-64
- avoid blocking/masking debug signal in linuxthreads
- fixed locale program output when neither LC_ALL nor LANG is set
- fixed use of uninitialized memory in localedef
- fixed mntent_r escape processing
- optimized mtrace script
- linuxthread_db fixes on ppc64
- cfi instructions in x86-64 linuxthreads vfork
- some _POSIX_C_SOURCE=200112L namespace fixes

All users of glibc should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
Use Red Hat Network to download and update your packages. To launch the
Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123583 - getnameinfo does not use /etc/hosts for lookup of V4MAPPED addresses
132816 - glibc in RHEL 3 needs to have syslog.c updated to cvs version 1.42
132204 - glibc-nis-performance.patch causes gdm to hang
118574 - malloc exhausts memory to fast in mulithreaded program
127606 - __builtin_expect's prototype does not expect int args; assert feeds it just that
103415 - Weird string in date printing
136726 - RHEL3 U5: execvp fails if ENODEV encountered during PATH search
135234 - Problem with gethostbyaddr with latest UDP
136318 - CAN-2004-0968 temporary file vulnerabilities in catchsegv script
130254 - glibc's traceback() fails when called from an exception handler
116428 - RHEL3 U4: statfs64
132654 - LTC10984 - 1.3.1 Linux JVM hanging on RedHat EL 3 update 3

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.
--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================
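As an added check that is not part of the AusCERT or Red Hat text above: a POSIX shell script that decides whether an installed glibc is at or beyond the fixed build from section 6, glibc-2.3.2-95.30. The comparison is a simplified numeric one (an assumption that holds for this build's version and release strings); rpm's own rpmvercmp remains the authoritative ordering for anything else.

```shell
#!/bin/sh
# Added example, not from the advisory: compare an installed glibc
# version-release against the fixed build named in RHSA-2004:586-01.
# Assumes numeric-only version/release segments (true for 2.3.2-95.30);
# rpm's rpmvercmp is authoritative where that does not hold.

FIXED_VR="2.3.2-95.30"   # version-release from the advisory's package list

# vercmp A B: prints lt, eq or gt, comparing one numeric segment at a time.
# Dots and dashes both act as separators; a missing segment counts as 0,
# so 2.3.2-95 sorts below 2.3.2-95.30 and 2.3.2-95.3 below 2.3.2-95.30.
vercmp() {
  a=$(printf '%s\n' "$1" | sed 's/[.-]/ /g')
  b=$(printf '%s\n' "$2" | sed 's/[.-]/ /g')
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%% *}; if [ "$x" = "$a" ]; then a=''; else a=${a#* }; fi
    y=${b%% *}; if [ "$y" = "$b" ]; then b=''; else b=${b#* }; fi
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then echo lt; return; fi
    if [ "$x" -gt "$y" ]; then echo gt; return; fi
  done
  echo eq
}

# glibc_fixed VR: prints yes if VR (e.g. "2.3.2-95.20") is at or beyond
# the fixed build, otherwise no.
glibc_fixed() {
  case $(vercmp "$1" "$FIXED_VR") in
    lt) echo no ;;
    *)  echo yes ;;
  esac
}

# Live check on an RPM-based host; skipped quietly where rpm is absent.
if command -v rpm >/dev/null 2>&1; then
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null | head -n 1)
  if [ -n "$installed" ]; then
    echo "glibc $installed: fixed=$(glibc_fixed "$installed")"
  fi
fi
```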