[16666] in bugtraq
Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so,
daemon@ATHENA.MIT.EDU (Jim Knoble)
Fri Sep 8 16:33:47 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000908122854.B12324@ntrnet.net>
Date: Fri, 8 Sep 2000 12:28:54 -0400
Reply-To: Jim Knoble <jmknoble@jmknoble.cx>
From: Jim Knoble <jmknoble@PINT-STOWP.CX>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200009072037.QAA09120@lacrosse.corp.redhat.com>; from
bugzilla@REDHAT.COM on Thu, Sep 07, 2000 at 04:37:00PM -0400
What about the compatibility glibc libraries under Red Hat Linux 6.x:
$ cat /etc/redhat-release
Red Hat Linux release 6.2 (Zoot)
$ rpm -qa |fgrep compat |fgrep libc
compat-glibc-5.2-2.0.7.2
$
Are they vulnerable? Will a fix be released? Do any other
distributions have such compatibility libraries?
--
jim knoble | jmknoble@jmknoble.cx | http://www.jmknoble.cx/
Circa 2000-Sep-07 16:37:00 -0400 dixit bugzilla@REDHAT.COM:
: ---------------------------------------------------------------------
: Red Hat, Inc. Security Advisory
:
: Synopsis: glibc vulnerabilities in ld.so, locale and gettext
: Advisory ID: RHSA-2000:057-04
: Issue date: 2000-09-01
: Updated on: 2000-09-07
: Product: Red Hat Linux
: Keywords: glibc ld.so locale LANG gettext LD_PRELOAD threads
: Cross references: N/A
: ---------------------------------------------------------------------
:
: 1. Topic:
:
: Several bugs were discovered in glibc which could allow local users to
: gain root privileges.
:
: 2. Relevant releases/architectures:
:
: Red Hat Linux 5.0 - i386, alpha
: Red Hat Linux 5.1 - i386, alpha, sparc
: Red Hat Linux 5.2 - i386, alpha, sparc
^^^^^^^^^^^^^^^^^^^
: Red Hat Linux 6.0 - i386, alpha, sparc
: Red Hat Linux 6.1 - i386, alpha, sparc, sparcv9
: Red Hat Linux 6.2 - i386, alpha, sparc, sparcv9
[...]
: 6. RPMs required:
[...]
: Red Hat Linux 6.2:
[...]
: i386:
: ftp://updates.redhat.com/6.2/i386/glibc-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/glibc-devel-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/glibc-profile-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/nscd-2.1.3-21.i386.rpm
:
[Note no compat packages listed...]
: sources:
: ftp://updates.redhat.com/6.2/SRPMS/glibc-2.1.3-21.src.rpm
:
: 7. Verification: [....]
