[16675] in bugtraq

home help back first fref pref prev next nref lref last post

Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so,

daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Sat Sep 9 02:29:31 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Message-Id:  <Pine.LNX.4.21.0009090145340.28586-100000@dent.suse.de>
Date:         Sat, 9 Sep 2000 02:48:11 +0200
Reply-To: Roman Drahtmueller <draht@SUSE.DE>
From: Roman Drahtmueller <draht@SUSE.DE>
X-To:         Jim Knoble <jmknoble@jmknoble.cx>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000908122854.B12324@ntrnet.net>

> What about the compatibility glibc libraries under Red Hat Linux 6.x:
>
>   $ cat /etc/redhat-release
>   Red Hat Linux release 6.2 (Zoot)
>   $ rpm -qa |fgrep compat |fgrep libc
>   compat-glibc-5.2-2.0.7.2
>   $
>
> Are they vulnerable?  Will a fix be released?  Do any other
> distributions have such compatibility libraries?

SuSE distributions after (including) Version 6.0 came with libc-5.4.4? for
optional backward compatibility if binaries from older Linux distributions
need the good old libc5. As of today, libc5 is not known to be affected by
the recently discovered locale-related bugs.

SuSE distributions come with binaries linked only against _one_ single
libc/glibc version. (.1.)

***
Compatibility libraries between glibc-2.0 and glibc-2.1 based versions of
SuSE are not provided for stability reasons.
***

SuSE-5.3 came with a package named `shlibs6' (in series a1) to enable the
execution of glibc-2.0-linked programs. This library may be affected by
the recently discovered errors, whereas SuSE-5.3 packages do not depend on
this library, though, as stated in (.1.). Please remove the package using
the command 'rpm -e shlibs6' if you do not need it. There is no update
package for shlibs6 in SuSE-5.3, support for shlibs6/SuSE-5.3 has been
discontinued for stability reasons.


brief overview:

SuSE	Kernel		libc			optional (not
version	version		version 		required) libraries
---------------------------------------------------------------------
5.3	2.0		libc-5.4 (glibc-1)	libc-6.0 (glibc-2.0)
6.0	2.0		libc-6.0 (glibc-2.0)	libc-5.4 (glibc-1)
6.1	2.2		libc-6.0 (glibc-2.0)	libc-5.4 (glibc-1)
6.2	2.2		libc-6.1 (glibc-2.1)	libc-5.4 (glibc-1)
6.3	 %			%			%
6.4	 %			%			%
7.0	 %			%			%


Thanks,
Roman.
--
 -                                                                      -
| Roman Drahtm|ller      <draht@suse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| N|rnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -

home help back first fref pref prev next nref lref last post