===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2004.0802 -- RHSA-2004:586-01
             Updated glibc packages fix symlink vulnerability
                             21 December 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           glibc
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop version 3
Impact:            Overwrite Arbitrary Files
Access:            Existing Account
CVE Names:         CAN-2004-0968

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated glibc packages
Advisory ID:       RHSA-2004:586-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-586.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
Keywords:          glibc
Obsoletes:         RHBA-2004:384-11
CVE Names:         CAN-2004-0968
---------------------------------------------------------------------

1. Summary:

Updated glibc packages that address several bugs and implement some
enhancements are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, i686, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

This errata fixes several bugs in the GNU C Library.

Fixes include (in addition to enclosed Bugzilla entries):

- fixed 32-bit atomic operations on 64-bit powerpc
- fixed -m32 -I /usr/include/nptl compilation on AMD64
- NPTL <pthread.h> should now be usable in C++ code or -pedantic -std=c89 C
- rwlocks are now available also in the _POSIX_C_SOURCE=200112L namespace
- pthread_once is no longer throw(), as the callback routine might throw
- pthread_create now correctly returns EAGAIN when thread couldn't be
  created because of lack of memory
- fixed NPTL stack freeing in case of pthread_create failure with detached
  thread
- fixed pthread_mutex_timedlock on i386 and AMD64
- Itanium gp saving fix in linuxthreads
- fixed s390/s390x unwinding tests done during cancellation if stack frames
  are small
- fixed fnmatch(3) backslash handling
- fixed out of memory behaviour of syslog(3)
- resolver ID randomization
- fixed fim (NaN, NaN)
- glob(3) fixes for dangling symlinks
- catchsegv fixed to work with both 32-bit and 64-bit binaries on x86-64,
  s390x and ppc
- fixed reinitialization of _res when using NPTL stack cache
- updated bug reporting instructions, removed glibcbug script
- fixed infinite loop in iconv with some options
- fixed inet_aton return value
- CPU friendlier busy waiting in linuxthreads on EM64T and IA-64
- avoid blocking/masking debug signal in linuxthreads
- fixed locale program output when neither LC_ALL nor LANG is set
- fixed using of uninitialized memory in localedef
- fixed mntent_r escape processing
- optimized mtrace script
- linuxthread_db fixes on ppc64
- cfi instructions in x86-64 linuxthreads vfork
- some _POSIX_C_SOURCE=200112L namespace fixes

All users of glibc should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/
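
To confirm the update took effect, the following added example (not part of the Red Hat advisory) flags glibc-family packages older than 2.3.2-95.30, the version-release in the package names under section 6. The function names and sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed version-release, taken from the package file names in this advisory.
FIXED="2.3.2-95.30"
# Binary packages shipped by this erratum.
PKGS="glibc glibc-common glibc-devel glibc-headers glibc-profile glibc-utils nptl-devel nscd"

# ver_lt A B: true if A sorts strictly before B. GNU "sort -V" is used as an
# approximation of RPM's own version comparison (assumption: GNU coreutils).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_glibc: read "name version-release arch" lines on stdin, print one
# line per advisory package older than FIXED; return 1 if any was found.
audit_glibc() {
    status=0
    while read -r name evr arch; do
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if ver_lt "$evr" "$FIXED"; then
            echo "OUTDATED $name-$evr.$arch (need >= $FIXED)"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample inventory (not from a real host). On a live system feed
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
# into audit_glibc instead.
SAMPLE='glibc 2.3.2-95.27 i686
glibc-common 2.3.2-95.30 i386
nscd 2.3.2-95.27 i386
bash 2.05b-29 i386'

printf '%s\n' "$SAMPLE" | audit_glibc || true
```

On hosts that carry both 32-bit and 64-bit glibc, every architecture is reported separately, so a half-applied update is visible.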

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123583 - getnameinfo does not use /etc/hosts for lookup of V4MAPPED addresses
132816 - glibc in RHEL 3 needs to have syslog.c updated to cvs version 1.42
132204 - glibc-nis-performance.patch causes gdm to hang
118574 - malloc exhausts memory to fast in mulithreaded program
127606 - __builtin_expect's prototype does not expect int args; assert feeds it just that
103415 - Weird string in date printing
136726 - RHEL3 U5: execvp fails if ENODEV encountered during PATH search
135234 - Problem with gethostbyaddr with latest UDP
136318 - CAN-2004-0968 temporary file vulnerabilities in catchsegv script
130254 - glibc's traceback() fails when called from an exception handler
116428 - RHEL3 U4: statfs64
132654 - LTC10984 - 1.3.1 Linux JVM hanging on RedHat EL 3 update 3
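
Bug 136318 (CAN-2004-0968) is the temporary-file issue behind this bulletin's "Overwrite Arbitrary Files" impact. The following is an added illustration of that bug class and its usual fix, not code from catchsegv or from Red Hat; the function names and the report.* file name are hypothetical.

```shell
#!/bin/sh
# Illustrative helpers for the temporary-file bug class; the function and
# file names are hypothetical and are not taken from catchsegv.

# Unsafe: the name is guessable (fixed prefix + PID) and ">" follows a
# symlink that already exists at that path in a shared directory.
write_predictable() {            # $1 = directory, $2 = text
    out="$1/report.$$"
    printf '%s\n' "$2" > "$out" && echo "$out"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively, so an existing file or symlink is never reused.
write_mktemp() {                 # $1 = directory, $2 = text
    out=$(mktemp "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$out" && echo "$out"
}

# check_writer WRITER: run WRITER in a private scratch directory where the
# guessable path already exists as a symlink to a stand-in "victim" file.
# Prints "clobbered" if the victim's content changed, "intact" otherwise.
check_writer() {
    dir=$(mktemp -d) || return 1
    echo "original" > "$dir/victim"
    ln -s "$dir/victim" "$dir/report.$$"
    "$1" "$dir" "crash trace" > /dev/null
    if [ "$(cat "$dir/victim")" = "original" ]; then
        echo intact
    else
        echo clobbered
    fi
    rm -rf "$dir"
}

echo "predictable name: $(check_writer write_predictable)"
echo "mktemp:           $(check_writer write_mktemp)"
```

Linux kernels that support the fs.protected_symlinks sysctl add a second layer by refusing to follow such links in sticky world-writable directories, but scripts should still create their temporary files with mktemp.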

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
